CVE-2012-0782: XSS
First published: Mon Jan 30 2012(Updated: )
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress | <=3.3.1 | |
| WordPress | =0.7 | |
| WordPress | =0.71 | |
| WordPress | =0.72 | |
| WordPress | =0.711 | |
| WordPress | =1.0 | |
| WordPress | =1.0.1 | |
| WordPress | =1.0.2 | |
| WordPress | =1.2 | |
| WordPress | =1.2.1 | |
| WordPress | =1.2.2 | |
| WordPress | =1.5 | |
| WordPress | =1.5.1 | |
| WordPress | =1.5.1.2 | |
| WordPress | =1.5.1.3 | |
| WordPress | =1.5.2 | |
| WordPress | =2.0 | |
| WordPress | =2.0.1 | |
| WordPress | =2.0.2 | |
| WordPress | =2.0.3 | |
| WordPress | =2.0.4 | |
| WordPress | =2.0.5 | |
| WordPress | =2.0.6 | |
| WordPress | =2.0.7 | |
| WordPress | =2.0.8 | |
| WordPress | =2.0.9 | |
| WordPress | =2.0.10 | |
| WordPress | =2.0.11 | |
| WordPress | =2.1 | |
| WordPress | =2.1.1 | |
| WordPress | =2.1.2 | |
| WordPress | =2.1.3 | |
| WordPress | =2.2 | |
| WordPress | =2.2.1 | |
| WordPress | =2.2.2 | |
| WordPress | =2.2.3 | |
| WordPress | =2.3 | |
| WordPress | =2.3.1 | |
| WordPress | =2.3.2 | |
| WordPress | =2.3.3 | |
| WordPress | =2.5 | |
| WordPress | =2.5.1 | |
| WordPress | =2.6 | |
| WordPress | =2.6.1 | |
| WordPress | =2.6.2 | |
| WordPress | =2.6.3 | |
| WordPress | =2.6.5 | |
| WordPress | =2.7 | |
| WordPress | =2.7.1 | |
| WordPress | =2.8 | |
| WordPress | =2.8.1 | |
| WordPress | =2.8.2 | |
| WordPress | =2.8.3 | |
| WordPress | =2.8.4 | |
| WordPress | =2.8.5 | |
| WordPress | =2.8.6 | |
| WordPress | =2.9 | |
| WordPress | =2.9.1 | |
| WordPress | =2.9.2 | |
| WordPress | =3.0 | |
| WordPress | =3.0.1 | |
| WordPress | =3.0.2 | |
| WordPress | =3.0.3 | |
| WordPress | =3.0.4 | |
| WordPress | =3.0.5 | |
| WordPress | =3.0.6 | |
| WordPress | =3.1 | |
| WordPress | =3.1.1 | |
| WordPress | =3.1.2 | |
| WordPress | =3.1.3 | |
| WordPress | =3.1.4 | |
| WordPress | =3.2.1 | |
| WordPress | =3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0782?
The severity of CVE-2012-0782 is considered high due to multiple cross-site scripting vulnerabilities.
How do I fix CVE-2012-0782?
To fix CVE-2012-0782, update WordPress to the latest version beyond 3.3.1.
What are the affected versions for CVE-2012-0782?
CVE-2012-0782 affects WordPress versions 3.3.1 and earlier.
Can CVE-2012-0782 be exploited remotely?
Yes, CVE-2012-0782 can be exploited remotely by attackers through specific parameters.
What types of vulnerabilities does CVE-2012-0782 include?
CVE-2012-0782 includes multiple cross-site scripting (XSS) vulnerabilities.
- agent/type
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/status
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/wordpress
- canonical/wordpress
- version/wordpress/3.3.1
- version/wordpress/0.7
- version/wordpress/0.71
- version/wordpress/0.72
- version/wordpress/0.711
- version/wordpress/1.0
- version/wordpress/1.0.1
- version/wordpress/1.0.2
- version/wordpress/1.2
- version/wordpress/1.2.1
- version/wordpress/1.2.2
- version/wordpress/1.5
- version/wordpress/1.5.1
- version/wordpress/1.5.1.2
- version/wordpress/1.5.1.3
- version/wordpress/1.5.2
- version/wordpress/2.0
- version/wordpress/2.0.1
- version/wordpress/2.0.2
- version/wordpress/2.0.3
- version/wordpress/2.0.4
- version/wordpress/2.0.5
- version/wordpress/2.0.6
- version/wordpress/2.0.7
- version/wordpress/2.0.8
- version/wordpress/2.0.9
- version/wordpress/2.0.10
- version/wordpress/2.0.11
- version/wordpress/2.1
- version/wordpress/2.1.1
- version/wordpress/2.1.2
- version/wordpress/2.1.3
- version/wordpress/2.2
- version/wordpress/2.2.1
- version/wordpress/2.2.2
- version/wordpress/2.2.3
- version/wordpress/2.3
- version/wordpress/2.3.1
- version/wordpress/2.3.2
- version/wordpress/2.3.3
- version/wordpress/2.5
- version/wordpress/2.5.1
- version/wordpress/2.6
- version/wordpress/2.6.1
- version/wordpress/2.6.2
- version/wordpress/2.6.3
- version/wordpress/2.6.5
- version/wordpress/2.7
- version/wordpress/2.7.1
- version/wordpress/2.8
- version/wordpress/2.8.1
- version/wordpress/2.8.2
- version/wordpress/2.8.3
- version/wordpress/2.8.4
- version/wordpress/2.8.5
- version/wordpress/2.8.6
- version/wordpress/2.9
- version/wordpress/2.9.1
- version/wordpress/2.9.2
- version/wordpress/3.0
- version/wordpress/3.0.1
- version/wordpress/3.0.2
- version/wordpress/3.0.3
- version/wordpress/3.0.4
- version/wordpress/3.0.5
- version/wordpress/3.0.6
- version/wordpress/3.1
- version/wordpress/3.1.1
- version/wordpress/3.1.2
- version/wordpress/3.1.3
- version/wordpress/3.1.4
- version/wordpress/3.2.1
- version/wordpress/3.3
- status/disputed