fkie_cve-2012-4263
Vulnerability from fkie_nvd
Published
2012-08-13 22:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
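Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. HTTP_USER_AGENT is the PHP server variable that holds the request's User-Agent header, so its value is entirely client-controlled. Note on version matching: this summary says "before 3.2.5" and the CPE range below ends at 3.2.4 inclusive, yet the configuration list also carries an explicit 3.2.5 entry marked vulnerable; confirm the fixed version against the vendor changelog before relying on automated CPE matching.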
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD289ADB-0EA2-49BD-8265-01C5268EC3D1",
"versionEndIncluding": "3.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "15DF5E1E-881C-43AC-95F7-BE8EB11BE0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha10:*:*:*:*:*:*",
"matchCriteriaId": "F18CEC5E-0A32-44D8-9E22-8B857DAD3133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha11:*:*:*:*:*:*",
"matchCriteriaId": "568C3E87-7AFD-465F-972D-7E956C53FA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "1AC43B43-2D13-4F89-B606-BE0663419396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "B38F0642-2833-4FAB-B937-5FE6217E08CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "136E3C16-0FA0-4A1D-8339-C251D81B8BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "FBFD9A86-F456-46B8-943F-FE5D47212411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "0B910013-BCA8-42B8-9479-9E30A6C9090C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "4EEF5DA7-A0BF-4C66-9FF8-85157C60BA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "141D1897-16E2-4C64-9C24-242EE70ACA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "6F90BEB2-5E00-44EF-AAC0-E4D4E2DBCB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "EE574A4D-0D5F-4886-A2A0-F3DF4457D596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "3151C4D9-98C2-47F3-BC99-E3F3B9F57F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "41CD8677-F8C1-4843-A5E4-634C38BDF8A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "AF896294-800A-4EE1-BFF2-A9C992A8F075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "2AD1425C-C6AF-4EFD-A0E8-99D3D210B0FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.5:beta:*:*:*:*:*:*",
"matchCriteriaId": "22FB621C-F310-4B9F-A3FF-A4225199DF3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "F51A8704-73FB-4B23-9422-A11832626EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "E13924F0-8CDA-4D18-A423-DC7362249BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.8:beta:*:*:*:*:*:*",
"matchCriteriaId": "60042CD4-3527-4C1F-90E1-EEE89140B84A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.9:beta:*:*:*:*:*:*",
"matchCriteriaId": "B3E07A3C-6621-4FB2-89BD-CAF0565787A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.10:beta:*:*:*:*:*:*",
"matchCriteriaId": "904BAF9D-66EE-4703-B5BE-D55A5AA50493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.11:beta:*:*:*:*:*:*",
"matchCriteriaId": "960AD1A5-302F-4B0F-BD9C-B06BC18777FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.13:beta:*:*:*:*:*:*",
"matchCriteriaId": "448A5C8D-497E-448E-BA00-4F46A788160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.14:beta:*:*:*:*:*:*",
"matchCriteriaId": "A16B0B65-BBCE-42ED-84F3-8BC89789BD66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.15:beta:*:*:*:*:*:*",
"matchCriteriaId": "5E86C0DA-4C14-46F5-AAB4-A87A30D447DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:0.16:beta:*:*:*:*:*:*",
"matchCriteriaId": "08EA28D0-A8DE-4742-B94C-06087CD484ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE57115A-4D74-4659-9DF9-D4BD3E2171D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51A3D8FF-506A-427B-BA65-80A2C5B9C634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F88FAEC8-894E-4915-A697-CE143777C58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F7190B9-DD1F-4C4B-BFDC-45BBD3DABAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFB5FE1-6D7F-4FCE-A262-EFF7AFED89A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D026B8-1D64-42A1-911F-156F963F8074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAF8E91-FAC8-42B0-9FF0-04931EACAFBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "29C02177-49AC-44F8-BE2A-62FB99773F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB53453-DDE4-4F9A-ACF4-DFD158FF42FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5ED17B1A-AF5C-4A33-B6B7-143DEF80F22E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5A44A3AC-B458-4DBF-A5A9-AD6970997C8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F57345-4FFB-4665-819C-E4B5C0415B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85CB091A-F9C2-4757-B76D-D812222881BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCF5D0F9-A3C8-4611-9127-1AC097EA9A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA8ABA9-AC31-49B5-8F66-5BAC0C677B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCB48EE-DA9E-432E-92B9-E41D8F1F2100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6C240700-D480-4161-9E04-20A546DE3923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC22ED4-A7EC-4F2B-93DB-4F404B4E70FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FC911E45-C939-4A99-85B0-FAE1686E6E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6EADF84F-B8C1-47F4-B7B1-5E35F3EF80C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4EC058F4-F148-4A75-834F-D1FEB2EC9284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "5CDEAA24-C336-4E7E-885D-98ADB10542AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "18031033-01A4-409B-82C1-0B7DCB6292C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1C844A-1A13-46E2-99D6-3941AB6BD949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0F286BD8-27C8-4931-A939-D5BEF0260BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B65A00-C937-45D9-8293-FA9F64F1DC4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4B4690-8511-490A-BB54-170B08537636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "54D2CB69-44DA-4B4B-AC54-52791D797FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0C0D090B-43AE-4C30-B1E9-8C5A29AECA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "95326200-4C92-4CD0-B29A-50635170854C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF278881-C1FE-4758-A847-846576491EF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2D5AC8F-0DEA-4E6A-92D2-7AC0BE1C3D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "479EE262-7BA6-4090-95A8-FA4C74AFC5D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8000058-6F52-47DE-BD8F-6C7192D23948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBB8546-6A0A-4FB7-8A5D-B0A7041643F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE8226D-8360-43B4-87E0-0F7BC628945C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF83D2F0-6912-4945-B3D3-24AFB203A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "653E7131-7DFB-4117-B420-160B2D15E87A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E3DF4B-8D38-4273-BEB2-C371A5B79560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B567B860-BA79-4E02-BE30-05AE4C58E212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A9F1B6-0AF9-4086-8FFA-22C252DB9202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "17E76B6E-E087-4F3D-BDBB-187225D5B9E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5A5D0FA8-4D8E-41DB-A152-29EA500A52A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF4FF53-1DA5-45AF-924C-156D6A019136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA4F93D2-E669-462A-8A45-2551F143E00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4FFD9EB-7046-4BB8-BBA0-5121198CB8CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19B3DDC7-D8E3-4F44-98C2-827F08260DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A18561D4-72F0-466F-B7C6-2E791163A20A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bit51:better-wp-security:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8212DE1B-615D-4915-A43C-67752C8D60E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en inc/admin/content.php en el plugin \u0027Better WP Security\u0027 (better_wp_security) para WordPress antes de v3.2.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la cabecera HTTP_USER_AGENT.\r\n"
}
],
"id": "CVE-2012-4263",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-13T22:55:01.037",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bit51.com/software/better-wp-security/changelog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security\u0026old=542852\u0026new_path=%2Fbetter-wp-security\u0026new=542852"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53480"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bit51.com/software/better-wp-security/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security\u0026old=542852\u0026new_path=%2Fbetter-wp-security\u0026new=542852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75523"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.