CVE-2012-2759
Published May 22, 2012
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D6A458F-46B0-4FC1-B4CD-0E91FA0CF908",
"versionEndIncluding": "3.0.4"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD2BFC69-0881-4F81-92C5-94F90169119A"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B6726B3-C5FC-4731-953C-C14FF28A4D5B"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F479FF4C-3DC0-4FDD-BB75-619EDDCDF601"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51200B37-BB98-4279-9E45-87171276EE55"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24D1A2ED-7EFF-4039-A165-B7B70CE15EA8"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68E9C0A4-0D88-4D15-AB3B-0BA4D2791A59"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A08A4525-F020-4E7A-BECB-5D21C9C5236D"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A9C3628-4A5A-45FE-A63E-DCBA3C51A67D"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1530AD41-0F8E-4F22-9294-91ECC119BA04"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17B94D95-E7F2-44EA-9524-BEE59BD67823"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F10A8857-8D7F-4900-A2FD-6964C3995991"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:3.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAB426AB-AB03-47B4-8EDA-AADE504324A4"
},
{
"criteria": "cpe:2.3:a:netweblogic:login_with_ajax:3.0b:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6D4FBAE-4196-4745-9F31-73AAA0BE626E"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]