CVE-2012-2404

Current Description

wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Basic Data

Published: April 21, 2012
Last Modified: December 19, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Wordpress | Wordpress | 0.71 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.2.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.2.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.2.5 | a | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.3.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.3.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.5.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.5.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.5.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.5.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 1.5.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0.10 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.0.11 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.3.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.3.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.3.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.5.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.6.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.6.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.6.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.6.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.7.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.8 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.8.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.8.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.8.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.8.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.8.4 | a | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.8.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.8.5.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.8.5.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.8.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.9.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.9.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 2.9.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.0.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.0.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.0.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.0.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.0.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.0.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.1.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.1.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.1.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | 3.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Wordpress | Wordpress | * | * | * | * | * | * | * | * | | 3.3.1 | |

Vulnerable Software List

Vendor | Product | Versions
Wordpress | Wordpress | *, 0.71, 1.0, 1.0.1, 1.0.2, 1.1.1, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3, 1.3.2, 1.3.3, 1.5, 1.5.1, 1.5.1.1, 1.5.1.2, 1.5.1.3, 1.5.2, 2.0, 2.0.1, 2.0.10, 2.0.11, 2.0.2, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.5, 2.5.1, 2.6, 2.6.1, 2.6.2, 2.6.3, 2.6.5, 2.7, 2.7.1, 2.8, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.5.1, 2.8.5.2, 2.8.6, 2.9, 2.9.1, 2.9.1.1, 2.9.2, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.3

References

Name | Source | URL | Tags
http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php | CONFIRM | http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php |
81464 | OSVDB | http://osvdb.org/81464 |
48957 | SECUNIA | http://secunia.com/advisories/48957 |
49138 | SECUNIA | http://secunia.com/advisories/49138 |
http://wordpress.org/news/2012/04/wordpress-3-3-2/ | CONFIRM | http://wordpress.org/news/2012/04/wordpress-3-3-2/ | Patch, Vendor Advisory
DSA-2470 | DEBIAN | http://www.debian.org/security/2012/dsa-2470 |
53192 | BID | http://www.securityfocus.com/bid/53192 |
wordpress-wpredirect-xss(75092) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/75092 |
wordpress-wpcommentspostphp-xss(75202) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/75202 |