Lucene search

MitreCVE-2012-5325

HistoryOct 08, 2012 - 8:55 p.m.

CVE-2012-5325

2012-10-0820:55:01

CWE-79

mitre

web.nvd.nist.gov

cve-2012-5325

cross-site scripting

xss

shortcode redirect

wordpress

security

vulnerabilities

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.

Affected configurations

Nvd

Node

cartpaujshortcode-redirectRange≤1.0.01

cartpaujshortcode-redirectMatch1.0.00

AND

wordpresswordpressMatch-

VendorProductVersionCPE
cartpaujshortcode-redirect*cpe:2.3:a:cartpauj:shortcode-redirect:*:*:*:*:*:*:*:*
cartpaujshortcode-redirect1.0.00cpe:2.3:a:cartpauj:shortcode-redirect:1.0.00:*:*:*:*:*:*:*
wordpresswordpress-cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cartpauj	shortcode-redirect	*	cpe:2.3:a:cartpauj:shortcode-redirect::::::::
cartpauj	shortcode-redirect	1.0.00	cpe:2.3:a:cartpauj:shortcode-redirect:1.0.00:::::::*
wordpress	wordpress	-	cpe:2.3:a:wordpress:wordpress:-:::::::*

References

packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt

www.securityfocus.com/bid/51626

exchange.xforce.ibmcloud.com/vulnerabilities/72620

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

Related for CVE-2012-5325