Vulnerability Details : CVE-2012-4263
Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2012-4263
- cpe:2.3:a:bit51:better-wp-security:*:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.18:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.11:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.10:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.3:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.2:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha6:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha5:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.14:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.13:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.5:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.4:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha8:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha7:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.9:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.8:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.1:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha11:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha4:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha3:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha2:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.16:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.15:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.7:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.6:beta:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha10:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha9:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:-:alpha1:*:*:*:*:*:*
- cpe:2.3:a:bit51:better-wp-security:0.1:alpha:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4263
0.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-4263
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2012-4263
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4263
-
http://www.securityfocus.com/bid/53480
WordPress Better WP Security 'User-Agent' Header Cross Site Scripting Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75523
Better WP Security plugin for WordPress admin.php cross-site scripting CVE-2012-4263 Vulnerability Report
-
http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html
WordPress Better WP Security Cross Site Scripting ≈ Packet StormExploit
-
http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852
Changeset 542852 for better-wp-security – WordPress Plugin RepositoryExploit;Patch
-
http://bit51.com/software/better-wp-security/changelog/
401 Authorization Required
Jump to