CVE-2009-2851
WordPress < 2.8.2 - Cross-Site Scripting via Comment Author URL
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-2851. PoCs published by superfreakaz0rz.
AI-analyzed exploit summary This exploit targets a stored XSS vulnerability in WordPress (CVE-2009-2851) by injecting malicious JavaScript into the comment URL field. The payload triggers when an admin mouses over the comment author's name, executing arbitrary JavaScript in the context of the admin session.
Description
Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.
Exploits (1)
This exploit targets a stored XSS vulnerability in WordPress (CVE-2009-2851) by injecting malicious JavaScript into the comment URL field. The payload triggers when an admin mouses over the comment author's name, executing arbitrary JavaScript in the context of the admin session.