Cross-Site Scripting Vulnerabilities in Leaflet Plugin by WordPress
CVE-2012-2913

Currently unrated

Key Information:

Vendor: WordPress
CVE Published: 21 May 2012

Summary

The Leaflet plugin version 0.0.1 for WordPress contains multiple cross-site scripting (XSS) vulnerabilities. A remote attacker can inject arbitrary web script or HTML through the 'id' parameter handled by leaflet_layer.php and leaflet_marker.php, both of which are reachable via wp-admin/admin.php. The injected script executes in the context of the affected user's session, potentially compromising the security of the web application.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
