Cross-Site Scripting Vulnerability in ZooEffect Plugin for WordPress
CVE-2011-5180

Currently unrated

Key Information:

Vendor: Wordpress
Status: Zooeffect
Vendor: CVE Published:; 20 September 2012

What is CVE-2011-5180?

The ZooEffect plugin for WordPress versions prior to 1.02 contains a Cross-Site Scripting (XSS) vulnerability in the wp-1pluginjquery.php file. This flaw permits remote attackers to exploit the page parameter to inject arbitrary web scripts or HTML into the web application. Users may find themselves exposed to unauthorized actions, leading to potential data theft or site compromise. Mitigation involves updating to the latest version of the plugin or implementing security measures to validate inputs and sanitize outputs.

References

http://www.securityfocus.com/bid/50860

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/71572

vdb-entryx_refsource_XF

http://www.osvdb.org/77648

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2012
Vulnerability Reserved
Sep 19, 2012

Wordpress

What is CVE-2011-5180?

References

Timeline