XSS Vulnerability in 2 Click Social Media Buttons Plugin for WordPress
CVE-2012-4273

Currently unrated

Key Information:

Vendor: Wordpress
Status: 2-click-social-media-buttons
Vendor: CVE Published:; 13 August 2012

Summary

A cross-site scripting (XSS) vulnerability exists in the 2 Click Social Media Buttons plugin for WordPress, specifically in the libs/xing.php file. This issue allows remote attackers to inject arbitrary web script or HTML code via the xing-url parameter. Attackers exploiting this vulnerability can compromise user sessions, steal cookies, or redirect users to malicious sites, potentially leading to further attacks.

References

http://plugins.trac.wordpress.org/changeset?old_path=%2F2...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/75518

vdb-entryx_refsource_XF

http://packetstormsecurity.org/files/112615/WordPress-2-C...

x_refsource_MISC

Timeline

Vulnerability published
Aug 13, 2012
Vulnerability Reserved
Aug 13, 2012