CVE-2012-5913

Current Description

Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.

Basic Data

PublishedNovember 17, 2012
Last ModifiedAugust 29, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-79
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score4.3
SeverityMEDIUM
Exploitability Score8.6
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationWordpress Integrator ProjectWordpress Integrator1.32*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationWordpressWordpress-*******

Vulnerable Software List

VendorProductVersions
Wordpress Integrator Project Wordpress Integrator 1.32

References

NameSourceURLTags
80628http://osvdb.org/80628OSVDB
http://packetstormsecurity.org/files/111249/WordPress-Integrator-1.32-Cross-Site-Scripting.htmlhttp://packetstormsecurity.org/files/111249/WordPress-Integrator-1.32-Cross-Site-Scripting.htmlMISCExploit
http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txthttp://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txtMISCExploit
52739http://www.securityfocus.com/bid/52739BIDExploit
wpintegrator-wplogin-xss(74475)https://exchange.xforce.ibmcloud.com/vulnerabilities/74475XF