CVE-2010-4402

Devbits Register-plus < 3.5.1 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/69491

[Exploit] http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt

[Vendor Advisory] http://secunia.com/advisories/42360

[Exploit] http://websecurity.com.ua/4539

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/514903/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45057

Scores

EPSS 0.0037

EPSS Percentile 58.7%

Classification

CWE

CWE-79

Status published

Affected Products (23)

devbits/register-plus < 3.5.1

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

devbits/register-plus

... and 8 more

Timeline

Published Dec 06, 2010

Tracked Since Feb 18, 2026