Cross-Site Scripting Vulnerabilities in Leaflet Plugin by WordPress
CVE-2012-2913

Currently unrated

Key Information:

Vendor

Wordpress
Status
Leaflet Maps Marker Plugin
Vendor
CVE Published:
21 May 2012

What is CVE-2012-2913?

The Leaflet plugin version 0.0.1 for WordPress is vulnerable to multiple cross-site scripting (XSS) vulnerabilities. Attackers can exploit these flaws by injecting arbitrary web scripts or HTML through the 'id' parameter in specific PHP files, namely leaflet_layer.php and leaflet_marker.php, accessible via wp-admin/admin.php. This could allow remote attackers to execute malicious scripts in the context of users’ sessions, potentially compromising the security of the web application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://packetstormsecurity.org/files/112699/WordPress-Lea...
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/75628
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/53526
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.