CVE-2012-5349: XSS
First published: Tue Oct 09 2012(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wordpress Pay-with-tweet | <=1.1 | |
| WordPress |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-5349?
The severity of CVE-2012-5349 is considered medium due to multiple cross-site scripting vulnerabilities allowing remote attackers to execute arbitrary scripts.
How do I fix CVE-2012-5349?
To fix CVE-2012-5349, upgrade the Pay With Tweet plugin to version 1.2 or later.
What are the affected versions in CVE-2012-5349?
CVE-2012-5349 affects the Pay With Tweet plugin versions prior to 1.2.
Can CVE-2012-5349 be exploited easily?
Yes, CVE-2012-5349 can be exploited easily by sending specially crafted input to the vulnerable parameters in the pay.php file.
What precautions should I take regarding CVE-2012-5349?
Ensure your Pay With Tweet plugin is updated to the latest version and monitor for any unusual activity on your WordPress site.
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wordpress
- canonical/wordpress pay-with-tweet
- version/wordpress pay-with-tweet/1.1
- canonical/wordpress