fkie_cve-2013-3720
Vulnerability from fkie_nvd
Published
2013-05-31 12:20
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:feedweb:feedweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B59786-2A4A-49F1-87E3-B9CAEF2A2F9F",
"versionEndIncluding": "1.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5E70AA-CE60-4248-8C0B-DCF90B613375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D0003EFB-B441-4447-A266-A86F74D84A41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C239ADFE-F698-4745-94A3-FCF6F7CA16D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "21367004-61EE-4914-9E65-2126CB03D00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "989FFD38-47AE-434A-84D3-66BE3D8C24BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38DF5070-058A-4F6A-9E88-8A2919D8EC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1166CE06-0ABD-4985-83B2-247DA83334BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "463079FE-42E1-423F-9F57-66EA7C8AA06D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54AAC1F4-A039-4EDA-BD2A-DCDD83920FEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3CDF2EE3-0B1D-4AD8-9618-2050778CFD2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "228A383F-ECEC-4B93-9C91-B29984E3CD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC4ADDC-488F-463B-A210-DE2D3DA64356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "679FA353-FE9C-49CC-83CB-9B3C43D02691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "344DD72D-3181-4CA5-9716-7871412B351E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B34209CF-110C-45FA-8AD7-2FD3444BF7AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "30B3948F-A06E-4D9A-9C23-2B5D7B612822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6F55903A-EA51-4040-A7DC-AB8B2FA49F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A952F9DC-4A31-481B-909D-A136E75BBDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7950A7-4DC9-4015-8CAB-A71DA54C0A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5620A752-6748-4370-9F49-5469C8362117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "029FB947-1AAD-4020-A087-26F44465D8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CE55E5E9-E340-49B1-A2CB-83E7C3E2FFB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A0F535-8AD3-4613-8FDB-39966BA3A796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0380986C-3883-4421-8156-2C37D5EFDC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C76D87DE-4885-4407-B7F1-EEAF5C797B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CD6592-9D62-4493-A767-3FD9A7809F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E27E8F-4561-431B-8A5F-2D45C175DBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8349613A-1BE3-4A46-AA6C-C28BA6F01A17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AAC9B419-5F37-4757-830A-5410FF2CBDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC45E8B9-6331-4A10-951D-AB0690C328AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07C50DF8-F79C-4151-A671-1B8DBAB02153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCE9656-145C-477E-B951-84F6F827BD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D10759BF-90E3-47EF-8A2B-0E0E064B652D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A095BE44-D925-4B71-B89B-A7B3CA37A22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "495AC249-C594-4D88-BDD7-352B28792EE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C489F67B-FA3D-4D81-B8B5-94D87100CBD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1D66C0-8B7D-4FCA-B7E9-9A3408FA8D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6337D578-44F3-4DC0-9340-9C8D1666A19F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6B62A6-CAC5-482D-B211-0FF73E31911F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "9E969F8B-3A3F-48AC-A728-4F5980D1B7A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CB983BAA-8C96-4E26-B855-58E4B46565CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5CEA6B-A012-4737-830C-78039CDB15A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "739498D9-BEE7-4ECC-9191-3F0BF25BFE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79CDDCFC-68AC-435F-99C3-F66E08E984CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26407BDC-99AF-4C19-BB53-152B2EED8165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45FF1E7D-76A4-4BA4-AECA-3C6CAC2E695C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4B45F5-4818-4517-8CB0-7CCE97BF79AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D366735E-0029-4F02-8844-2578C4CF36AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06B6795D-53A0-4251-9F78-107C01CC980B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4904C1AE-697B-42C2-B051-F8ECC8FFD3DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "901A014E-ACBE-424F-A6B5-3AAB7BF19767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "28D5E906-487A-4856-9E28-43E162C51C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FD18FC34-BF44-4AEE-AF6A-47BFE490AFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "086ADE2D-F461-4B17-B937-100EC0B411A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6FA75DC-9B89-4C31-94B9-9255DBC04F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA74A0E-4B30-4113-BD44-84ADD6820199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BC284AA3-B336-494E-A031-6DB25FAEFB84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F583F116-9A71-47B1-833F-FAA5FDB30F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F5F62048-C4BF-48D7-88BF-6BE0F8237362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F989E8FC-E356-40C4-81E5-09D73AD7A103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB8D297-288D-48B8-9847-8A7E5DE7325F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "693B7A44-2D48-4239-A6CB-EC994F84228F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47164DE1-D38E-41CC-94B4-82D15D1D4A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6A2192-418E-4706-BBF9-D882514E5CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A018BC-CFAC-48CA-B18C-67AC7C9D5C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEB5360-1C75-4C6F-97E5-2631FE1DDE43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "529D9895-9C35-44D2-908A-B5E91ADE7F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EC5455-BBAF-43C5-84F4-17A773DF30D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98C3B7E5-6912-4602-AA6E-6ADC7DDA63DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "63A7774F-3745-49B8-BDF1-724925E1526F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81F0FF93-ED2E-4081-97FD-C98B8254E815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEB3F31-F11E-4D0A-9AA0-789D2A155BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC43368E-9015-480D-AF20-BB4ED4721834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7963BAD-F8E3-4C4A-BBB2-4CAD89420A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CD5C45-2791-4922-B381-5D9C0043F422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1E3388-87DB-4991-AD2C-E406E2628984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "178E5EDF-FE34-4157-B49F-B9E51E742E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5619EF4-4BD5-4E97-B27F-0E8AF42209C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:feedweb:feedweb:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3B28F5-1BA5-48CA-ACB6-C3EFA495132F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3nd de secuencias de comandos en sitios cruzados (XSS) en widget_remove.php en el complemento Feedweb anterior a v1.9 para WordPress permite a administradores autenticados a inyectar secuencias de comandos Web o HTML a trav\u00e9s del par\u00e1metro wp_post_id."
}
],
"id": "CVE-2013-3720",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-05-31T12:20:25.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Ffeedweb\u0026old=689612\u0026new_path=%2Ffeedweb\u0026new=689612"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52855"
},
{
"source": "cve@mitre.org",
"url": "http://wordpress.org/extend/plugins/feedweb/changelog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/advisories/2013/SSCHADV2013-004.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Ffeedweb\u0026old=689612\u0026new_path=%2Ffeedweb\u0026new=689612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wordpress.org/extend/plugins/feedweb/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/advisories/2013/SSCHADV2013-004.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…