Vulnerability Details CVE-2012-6511
Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) delete_id parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html
- http://websecurity.com.ua/5782
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75105
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75106
- http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html
- http://websecurity.com.ua/5782
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75105
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75106
Products affected by CVE-2012-6511
-
cpe:2.3:a:organizer_project:organizer:0.4b
-
cpe:2.3:a:organizer_project:organizer:0.5b
-
cpe:2.3:a:organizer_project:organizer:0.6.1b
-
cpe:2.3:a:organizer_project:organizer:1.0.1
-
cpe:2.3:a:organizer_project:organizer:1.0b
-
cpe:2.3:a:organizer_project:organizer:1.1.0
-
cpe:2.3:a:organizer_project:organizer:1.1.1
-
cpe:2.3:a:organizer_project:organizer:1.2.1