Vulnerability Details CVE-2012-5349
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.046
EPSS Ranking 88.8%
CVSS Severity
CVSS v2 Score 2.6
References
- http://secunia.com/advisories/47475
- http://wordpress.org/extend/plugins/pay-with-tweet/changelog/
- http://www.exploit-db.com/exploits/18330
- http://www.osvdb.org/78205
- http://www.securityfocus.com/bid/51308
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72166
- http://secunia.com/advisories/47475
- http://wordpress.org/extend/plugins/pay-with-tweet/changelog/
- http://www.exploit-db.com/exploits/18330
- http://www.osvdb.org/78205
- http://www.securityfocus.com/bid/51308
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72166
Products affected by CVE-2012-5349
-
cpe:2.3:a:wordpress:pay-with-tweet:*
-
cpe:2.3:a:wordpress:wordpress:-