Cross-Site Scripting Vulnerability in Shortcode Redirect Plugin for WordPress
CVE-2012-5325

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 8 October 2012

What is CVE-2012-5325?

The Shortcode Redirect plugin for WordPress contains multiple cross-site scripting (XSS) vulnerabilities that allow remote authenticated users with specific permissions to execute arbitrary web scripts or HTML. These vulnerabilities arise from the scr_do_redirect function in scr.php, which improperly sanitizes input from the 'url' and 'sec' attributes within redirect tags. Malicious users can exploit this weakness to insert harmful scripts, potentially leading to data theft or account compromise.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
