Cross-Site Scripting Vulnerability in s2Member Pro Plugin for WordPress
CVE-2011-5082

Currently unrated

Key Information:

Vendor

Wordpress
Status
S2member
Vendor
CVE Published:
19 March 2012

What is CVE-2011-5082?

The s2Member Pro plugin for WordPress contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts or HTML. This vulnerability is particularly exploited via the 'Coupon Code field' parameter, which can lead to unauthorized access and the execution of malicious scripts in the context of an authenticated user. Proper validation and sanitization mechanisms in the plugin are critical to mitigate this risk and protect user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/47954
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/51997
vdb-entryx_refsource_BID
http://www.primothemes.com/forums/viewtopic.php?f=4&t=161...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.