Cross-site Scripting Vulnerability in Whois Search Plugin for WordPress
CVE-2011-5194

Currently unrated

Key Information:

Vendor: Wordpress
Status: Samswhois
Vendor: CVE Published:; 23 September 2012

Summary

The Whois Search plugin for WordPress has a cross-site scripting (XSS) vulnerability which allows attackers to inject arbitrary web scripts or HTML through the 'domain' parameter. This poses a risk to users as it can facilitate unauthorized access or manipulation of site content. This issue affects all versions prior to 1.4.2.3 and is categorized distinctly from related vulnerabilities. Website administrators are advised to implement the latest plugin updates to safeguard against potential attacks.

References

http://www.securityfocus.com/bid/51244

vdb-entryx_refsource_BID

http://secunia.com/advisories/47428

third-party-advisoryx_refsource_SECUNIA

http://plugins.trac.wordpress.org/changeset/482954/wordpr...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 23, 2012
Vulnerability Reserved
Sep 23, 2012