Cross-Site Scripting Vulnerability in TheCartPress Plugin for WordPress
CVE-2011-5207

Currently unrated

Key Information:

Vendor: Wordpress
Status: Thecartpress
Vendor: CVE Published:; 4 October 2012

What is CVE-2011-5207?

A cross-site scripting vulnerability exists in the TheCartPress plugin for WordPress due to improper handling of user input in the admin/OptionsPostsList.php file. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the tcp_name_post_XXXXX parameter, potentially compromising the site and affecting users by executing malicious scripts in their browsers.

References

http://packetstormsecurity.org/files/view/108272/wpcartpr...

x_refsource_MISC

http://plugins.trac.wordpress.org/changeset/482746/thecar...

x_refsource_CONFIRM

http://secunia.com/advisories/47427

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2012
Vulnerability Reserved
Oct 4, 2012

CVE-2011-5207 Data

JSON

Wordpress

What is CVE-2011-5207?

References

Timeline