Multiple XSS Vulnerabilities in Adminimize Plugin for WordPress
CVE-2011-5128

Currently unrated

Key Information:

Vendor: Wordpress
Status: Adminimize
Vendor: CVE Published:; 29 August 2012

Summary

The Adminimize plugin for WordPress is susceptible to multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML. This occurs via specific parameters including 'page' options in inc-options/deinstall_options.php, inc-options/theme_options.php, and inc-options/im_export_options.php, as well as through the 'post' or 'post_ID' parameters in adminimize.php. These vulnerabilities enable attackers to manipulate how content is rendered in browsers, potentially leading to unauthorized actions by users.

References

http://wordpress.org/extend/plugins/adminimize/changelog/

x_refsource_CONFIRM

http://plugins.trac.wordpress.org/changeset?reponame=&new...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 29, 2012