Cross-Site Scripting Flaw in WP-RecentComments Plugin for WordPress
CVE-2012-1068
Currently unrated
Summary
The WP-RecentComments plugin for WordPress contains a Cross-Site Scripting (XSS) vulnerability in the rc_ajax function in core.php. Remote attackers can inject arbitrary web script or HTML through the page parameter, which is used for AJAX paging. This can lead to unauthorized actions on behalf of users and expose sensitive information. Users should update to version 2.0.7 or later to mitigate potential attacks.