Cross-Site Scripting Vulnerability in Sentinel Plugin for WordPress
CVE-2011-5225

Currently unrated

Key Information:

Vendor: Wordpress
Status: Sentinel
Vendor: CVE Published:; 25 October 2012

Summary

The Sentinel plugin for WordPress, specifically version 1.0.0, contains a cross-site scripting (XSS) vulnerability that could allow remote attackers to inject arbitrary web scripts or HTML into the affected application. This weakness stems from insufficient input validation in the wordpress_sentinel.php file, enabling attackers to exploit unknown vectors to execute malicious scripts in the context of the user’s session.

References

http://www.securityfocus.com/bid/51089

vdb-entryx_refsource_BID

http://wordpress.org/extend/plugins/wordpress-sentinel/ch...

x_refsource_CONFIRM

http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html

x_refsource_MISC

Timeline

Vulnerability published
Oct 25, 2012
Vulnerability Reserved
Oct 25, 2012