Cross-Site Scripting Flaw in TimThumb Plugin for WordPress
CVE-2010-5302

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 21 August 2014

What is CVE-2010-5302?

A cross-site scripting (XSS) vulnerability in the TimThumb plugin, specifically in the timthumb.php file prior to version 1.15, exposes multiple WordPress products to potential attacks. It allows remote attackers to inject arbitrary web script or HTML through the QUERY_STRING, which could be exploited to execute malicious code in the context of a user's browser. Because the flaw can affect a variety of applications that use the TimThumb library, website owners should update to the latest version to mitigate the risk.
