Cross-Site Scripting Vulnerability in s2Member Pro Plugin for WordPress
CVE-2011-5082
Currently unrated
Summary
The s2Member Pro plugin for WordPress contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. The injection vector is the Coupon Code field. Exploitation can lead to unauthorized access and to execution of malicious scripts in the context of an authenticated user. Proper validation and sanitization of this input in the plugin are critical to mitigating the risk and protecting user data.