Vulnerability Description
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ppfeufer | 2-Click-Social-Media-Buttons | <= 0.33 |
| Wordpress | Wordpress | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-ButtonExploit
- http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttExploitPatch
- http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75518
- http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-ButtonExploit
- http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttExploitPatch
- http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75518
FAQ
What is CVE-2012-4273?
CVE-2012-4273 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xi...
How severe is CVE-2012-4273?
CVE-2012-4273 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4273?
Check the references section above for vendor advisories and patch information. Affected products include: Ppfeufer 2-Click-Social-Media-Buttons, Wordpress Wordpress.