Cross-Site Scripting Vulnerability in WassUp Plugin for WordPress
CVE-2012-2633

Currently unrated

Key Information:

Vendor: Wordpress
Status: Wassup Plugin
Vendor: CVE Published:; 15 June 2012

Summary

The WassUp plugin for WordPress is susceptible to a cross-site scripting (XSS) vulnerability located in wassup.php. This flaw allows remote attackers to exploit the User-Agent HTTP header to inject arbitrary web scripts or HTML code. If not addressed, this vulnerability could enable unauthorized actions and the exposure of sensitive data, making it imperative for website owners to update to version 1.8.3.1 or higher to ensure their security.

References

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000058

third-party-advisoryx_refsource_JVNDB

http://osvdb.org/82017

vdb-entryx_refsource_OSVDB

http://www.wpwp.org/archives/wassup-1-8-3-1/

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 15, 2012
Vulnerability Reserved
May 14, 2012