CVE-2012-2759

Published May 22, 2012

Last updated 7 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D6A458F-46B0-4FC1-B4CD-0E91FA0CF908",
            "versionEndIncluding": "3.0.4"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD2BFC69-0881-4F81-92C5-94F90169119A"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B6726B3-C5FC-4731-953C-C14FF28A4D5B"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F479FF4C-3DC0-4FDD-BB75-619EDDCDF601"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51200B37-BB98-4279-9E45-87171276EE55"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24D1A2ED-7EFF-4039-A165-B7B70CE15EA8"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68E9C0A4-0D88-4D15-AB3B-0BA4D2791A59"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A08A4525-F020-4E7A-BECB-5D21C9C5236D"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:2.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A9C3628-4A5A-45FE-A63E-DCBA3C51A67D"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1530AD41-0F8E-4F22-9294-91ECC119BA04"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17B94D95-E7F2-44EA-9524-BEE59BD67823"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F10A8857-8D7F-4900-A2FD-6964C3995991"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAB426AB-AB03-47B4-8EDA-AADE504324A4"
          },
          {
            "criteria": "cpe:2.3:a:netweblogic:login_with_ajax:3.0b:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6D4FBAE-4196-4745-9F31-73AAA0BE626E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References