CVE-2011-5191 : Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite p

Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.

Published 2012-09-23 17:55:01

Updated 2012-09-24 04:00:00

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2011-5191

Blairwilliams » Pretty Link Lite Plugin
Versions up to, including, (<=) 1.5.2
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:*:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.5.1
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.5.1:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.56
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.56:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.55
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.55:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.53
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.53:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.41
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.41:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.38
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.38:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.36
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.36:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.35
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.35:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.34
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.34:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.21
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.21:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.5.0
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.5.0:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.52
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.52:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.50
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.50:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.42
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.42:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.39
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.39:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.32
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.32:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.30
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.30:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.25
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.25:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.23
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.23:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.16
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.16:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.14
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.14:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.20
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.20:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.19
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.19:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.18
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.18:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.48
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.48:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.47
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.47:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.46
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.46:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.45
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.45:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.29
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.29:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.28
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.28:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.27
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.27:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.26
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.26:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.12
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.12:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.51
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.51:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.49
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.49:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.44
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.44:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.43
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.43:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.33
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.33:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.31
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.31:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.24
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.24:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.22
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.22:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.17
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.17:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.15
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.15:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A
Blairwilliams » Pretty Link Lite Plugin » Version: 1.4.13
cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.13:*:*:*:*:*:*:*
Matching versions
When used together with: Wordpress » Wordpress » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2011-5191

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-5191

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2011-5191

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-5191

http://plugins.trac.wordpress.org/changeset/473693/pretty-link

Changeset 473693 for pretty-link – WordPress Plugin Repository
Exploit;Patch
http://wordpress.org/extend/plugins/pretty-link/changelog/

Shortlinks by Pretty Links – Best WordPress Link Tracking Plugin – WordPress plugin | WordPress.org
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2011-5191

Products affected by CVE-2011-5191

Exploit prediction scoring system (EPSS) score for CVE-2011-5191

CVSS scores for CVE-2011-5191

CWE ids for CVE-2011-5191

References for CVE-2011-5191