Cross-Site Scripting Vulnerabilities in the Pay With Tweet Plugin for WordPress
CVE-2012-5349
Currently unrated
Summary
Multiple cross-site scripting (XSS) vulnerabilities exist within the Pay With Tweet plugin for WordPress, particularly in the pay.php file. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML through the 'link', 'title', or 'dl' parameters. Exploitation can lead to unauthorized actions being performed on behalf of users, potentially compromising sensitive user data or session information.
EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved