CVE-2012-2633
Published Jun 15, 2012
Last updated 11 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wassup_plugin:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EC6B7C5-F31E-4B39-A87E-CB673FD837CB",
"versionEndIncluding": "1.8.3"
},
{
"criteria": "cpe:2.3:a:wordpress:wassup_plugin:1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DB0557B-DCE5-4A0D-B56B-27B4158AAEF5"
},
{
"criteria": "cpe:2.3:a:wordpress:wassup_plugin:1.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46B92EB2-9D60-4BC6-BEA5-C09C035FB32E"
},
{
"criteria": "cpe:2.3:a:wordpress:wassup_plugin:1.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA6192ED-8E45-4297-AB88-07B30C972181"
},
{
"criteria": "cpe:2.3:a:wordpress:wassup_plugin:1.7.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B50A4B12-D1E7-435E-9782-0017C572F77C"
},
{
"criteria": "cpe:2.3:a:wordpress:wassup_plugin:1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E868437-F919-4210-A1DF-5BBA05D9A10F"
},
{
"criteria": "cpe:2.3:a:wordpress:wassup_plugin:1.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE69B967-832C-41BD-AD2D-8624F15880AB"
},
{
"criteria": "cpe:2.3:a:wordpress:wassup_plugin:1.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52BC77F4-B8AA-4C54-A5CE-BC61C77DBE54"
}
],
"operator": "OR"
}
]
}
]