Vulnerability Description
Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Commentluv | Commentluv | <= 2.92.3 |
| Wordpress | Wordpress | - |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2013-02/0031.html (Exploit)
- http://osvdb.org/89925
- http://packetstormsecurity.com/files/120090/WordPress-CommentLuv-2.92.3-Cross-Si (Exploit)
- http://wordpress.org/plugins/commentluv/changelog
- https://www.htbridge.com/advisory/HTB23138 (Exploit)
FAQ
What is CVE-2013-1409?
CVE-2013-1409 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/a...
How severe is CVE-2013-1409?
CVE-2013-1409 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-1409?
Check the references section above for vendor advisories and patch information. Affected products include: Commentluv Commentluv, Wordpress Wordpress.