Cross-Site Scripting Flaw in Video Lead Form Plugin for WordPress
CVE-2012-6312

Currently unrated

Key Information:

Vendor: Wordpress
Status: Uk-cookie
Vendor: CVE Published:; 11 December 2012

What is CVE-2012-6312?

The Video Lead Form plugin for WordPress contains a cross-site scripting vulnerability that permits remote attackers to inject arbitrary HTML or web scripts through the 'errMsg' parameter in a specific action to wp-admin/admin.php. This security flaw can lead to unauthorized operations and exposure of sensitive user data if exploited. Users are strongly advised to review the plugin updates and apply necessary security patches to mitigate risk.

References

http://wordpress.org/extend/plugins/video-lead-form/chang...

x_refsource_MISC

http://archives.neohapsis.com/archives/bugtraq/2012-12/00...

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 11, 2012

Wordpress

What is CVE-2012-6312?

References

Timeline