Cross-Site Scripting in WP-FaceThumb Plugin for WordPress
CVE-2012-2371

Currently unrated

Key Information:

Vendor

Wordpress
Status
WP-facethumb
Vendor
CVE Published:
13 August 2012

What is CVE-2012-2371?

The WP-FaceThumb plugin version 0.1 for WordPress is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows remote attackers to inject arbitrary web scripts or HTML code via the 'pagination_wp_facethumb' parameter in the index.php file. Successful exploitation of this vulnerability could enable an attacker to manipulate the content delivered to users, potentially leading to data theft, malicious actions, or further system compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/49143
third-party-advisoryx_refsource_SECUNIA
http://packetstormsecurity.org/files/112658/WordPress-WP-...
x_refsource_MISC
http://www.securityfocus.com/bid/53497
vdb-entryx_refsource_BID

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.