CVE-2012-4263

Exploit

EPSS 0.28%
Veröffentlicht 13.08.2012 22:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

iThemes Security < 3.2.5 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.

Mögliche Gegenmaßnahme

Solid Security – Password, Two Factor Authentication, and Brute Force Protection: Update to version 3.2.5, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Solid Security – Password, Two Factor Authentication, and Brute Force Protection

Version [*, 3.2.5)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bit51 ≫ Better-wp-security Version <= 3.2.4

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha1

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha10

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha11

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha2

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha3

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha4

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha5

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha6

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha7

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha8

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version- Updatealpha9

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.1 Updatealpha

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.1 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.2 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.3 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.4 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.5 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.6 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.7 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.8 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.9 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.10 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.11 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.13 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.14 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.15 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version0.16 Updatebeta

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.0

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.1

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.2

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.3

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.4

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.5

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.6

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.7

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.8

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.8.1

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version1.9

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.0

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.1

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.2

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.3

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.4

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.5

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.6

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.7

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.8

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.9

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.10

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.11

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.12

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.13

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.14

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.15

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.16

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.17

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version2.18

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.1

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.2

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.3

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.4

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.5

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.6

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.7

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.8

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.9

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.10

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.11

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.0.12

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.1

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.2

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.2.1

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.2.2

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.2.3

Wordpress ≫ Wordpress Version-

Bit51 ≫ Better-wp-security Version3.2.5

Wordpress ≫ Wordpress Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.51

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://bit51.com/software/better-wp-security/changelog/

http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html

Exploit

http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852

Patch

Exploit

http://www.securityfocus.com/bid/53480

https://exchange.xforce.ibmcloud.com/vulnerabilities/75523

https://www.wordfence.com/threat-intel/vulnerabilities/id/5350e519-3fa5-4463-b7b4-12bbe6fd5591

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-4263

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-4263

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-4263

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-4263