Cross-Site Scripting Vulnerability in Advanced Text Widget for WordPress
CVE-2011-4618

Currently unrated

Key Information:

Vendor: Wordpress
Status: Advanced Text Widget Plugin
Vendor: CVE Published:; 24 January 2013

Summary

The Advanced Text Widget plugin for WordPress has a cross-site scripting (XSS) vulnerability within the advancedtext.php file. This flaw allows attackers to manipulate the page parameter, enabling them to inject arbitrary web scripts or HTML content. The vulnerability impacts versions prior to 2.0.2 and poses significant risks to affected WordPress sites if left unpatched.

References

http://plugins.trac.wordpress.org/changeset?reponame=&new...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/71412

vdb-entryx_refsource_XF

http://www.openwall.com/lists/oss-security/2011/12/19/6

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Jan 24, 2013
Vulnerability Reserved
Nov 29, 2011