Cross-Site Scripting Vulnerability in Better WP Security Plugin for WordPress
CVE-2012-4263

Currently unrated

Key Information:

Vendor: Wordpress
Status: Better-WP-security
Vendor: CVE Published:; 13 August 2012

Summary

A cross-site scripting (XSS) vulnerability exists in the Better WP Security plugin for WordPress, specifically in the inc/admin/content.php file, prior to version 3.2.5. This vulnerability allows attackers to inject arbitrary web scripts or HTML code through the manipulation of the HTTP_USER_AGENT header. If successfully exploited, this flaw can lead to compromised user sessions or unauthorized access to sensitive information, highlighting the importance of updating the plugin to mitigate potential risks.

References

http://plugins.trac.wordpress.org/changeset?old_path=%2Fb...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/53480

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/75523

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 13, 2012
Vulnerability Reserved
Aug 13, 2012