Cross-Site Scripting Vulnerability in Postie Plugin for WordPress
CVE-2012-2580

Currently unrated

Key Information:

Vendor

Wordpress
Status
Postie
Vendor
CVE Published:
20 June 2014

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2012-2580?

A cross-site scripting (XSS) vulnerability exists in the Postie plugin for WordPress, allowing remote attackers to inject arbitrary web scripts or HTML by manipulating the From field of an email. If successfully exploited, this vulnerability can lead to unauthorized actions being performed on behalf of a user, potentially compromising sensitive data or website functionality. This issue affects Postie plugin versions up to 1.5.15 and requires immediate attention to secure affected WordPress installations.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2012-2580 - Proof of Concept

References

http://osvdb.org/84532
vdb-entryx_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/77537
vdb-entryx_refsource_XF
http://secunia.com/advisories/50207
third-party-advisoryx_refsource_SECUNIA

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.