CVE-2012-1068

Published Feb 14, 2012

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8553090-C53E-4CEF-8649-576B368BBDE8",
            "versionEndIncluding": "2.0.7"
          },
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A87D04EE-5C93-4DEB-85F2-11758471FC48"
          },
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:1.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2782659-F496-4788-BD33-E7CAB1EE08C0"
          },
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:1.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC26BD05-762C-4A0C-9FFB-873A7600C77E"
          },
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3E8D040-6311-477E-B248-8890BCA31C53"
          },
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0B16BD0-6F22-4634-BE06-64BF89218E0F"
          },
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02BA1684-45DD-4AF3-84E7-E8BC6EE44638"
          },
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A13554C5-316A-48F0-8399-16AF566E28DC"
          },
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B0C0D44-9699-4AB4-BA2D-2D10C6657101"
          },
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AED375A-8F68-448A-8A07-D512F8573387"
          },
          {
            "criteria": "cpe:2.3:a:mg12:wp-recentcomments:2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A488006-B34E-439D-A914-97AE2ECF03AC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References