Cross-Site Scripting Vulnerability in CMS Tree Page View Plugin for WordPress
CVE-2012-1834

Currently unrated

Key Information:

Vendor

Wordpress
Status
Cms Tree Page View
Vendor
CVE Published:
7 April 2014

What is CVE-2012-1834?

The CMS Tree Page View plugin for WordPress suffers from a Cross-Site Scripting (XSS) vulnerability due to insufficient validation of user input in the cms_tpv_admin_head function. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML via the 'cms_tpv_view' parameter when accessing wp-admin/options-general.php. If exploited, this could lead to the execution of malicious scripts in the browser of any user accessing the affected administrative features, potentially compromising sensitive information or allowing unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/48510
third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/80573
vdb-entryx_refsource_OSVDB
http://wordpress.org/extend/plugins/cms-tree-page-view/ch...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.