CVE-2010-4402

Published Dec 6, 2010

Last updated 6 years ago

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6552E1A6-58B3-44A0-B8C2-7F16DEAAF281",
            "versionEndIncluding": "3.5.1"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A785432C-7E48-4D3E-85E5-FAD1EB2EA835"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F270C0A4-627C-4289-8CDD-C8F0A7565912"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1496B674-12AD-4D0E-99F1-8AD5D2451B24"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "468B47F9-EE0D-4804-BCDC-E160D00E5900"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24DEC831-FF90-44A9-A4D7-4CD559F6DD36"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7EA353B-05A2-4E0D-8DE4-8364410E2B65"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D99FAE76-2353-48C4-83CE-B68D26DDC6CD"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4311912-12D9-4E9E-B058-FBB6EC683FAA"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11546D3A-A75F-467A-BC94-DBF9A9E5D1C6"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25669008-3609-47C5-A543-BF05BB29C029"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FEF74AA-4802-4F89-B737-2006D2FDBE77"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B62FCF7-8FC0-4F23-897E-7EED0152216B"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F09EB82-A255-457A-B559-F2D3F553BB75"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6026F9B0-CD99-409C-975C-CFFC82FE61FA"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72E04912-36F0-4CAA-861B-A12E567FF76D"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71C3F956-22BD-4E49-95CD-05484CB30C2F"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E647DD6-4D02-4309-9F64-711265FEB501"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34A89008-87B5-4449-90C4-962453E0F224"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4153EDD3-F684-495E-ACDF-B9CEEBBDE91E"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01E6D21C-733C-49AD-A84D-FF057A18B2CB"
          },
          {
            "criteria": "cpe:2.3:a:devbits:register-plus:3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "651E275A-3405-46A6-B9CF-16B071D16C66"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References