Cross-Site Scripting in WP-FaceThumb Plugin for WordPress
CVE-2012-2371

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-facethumb
Vendor: CVE Published:; 13 August 2012

Summary

The WP-FaceThumb plugin version 0.1 for WordPress is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows remote attackers to inject arbitrary web scripts or HTML code via the 'pagination_wp_facethumb' parameter in the index.php file. Successful exploitation of this vulnerability could enable an attacker to manipulate the content delivered to users, potentially leading to data theft, malicious actions, or further system compromise.

References

http://secunia.com/advisories/49143

third-party-advisoryx_refsource_SECUNIA

http://packetstormsecurity.org/files/112658/WordPress-WP-...

x_refsource_MISC

http://www.securityfocus.com/bid/53497

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 13, 2012