CVE-2010-4518

wp-safe-search 0.7 - Cross-Site Scripting via v1 Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4518. PoCs published by John Leitch.

AI-analyzed exploit summary The exploit describes a cross-site scripting (XSS) vulnerability in the Safe Search plugin for WordPress. The vulnerability arises from improper sanitization of user-supplied input, allowing arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by John Leitch · textwebappsphp

https://www.exploit-db.com/exploits/35067

View Code ZIP pw:eip

The exploit describes a cross-site scripting (XSS) vulnerability in the Safe Search plugin for WordPress. The vulnerability arises from improper sanitization of user-supplied input, allowing arbitrary script execution in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Safe Search plugin for WordPress 0.7

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://www.johnleitch.net/Vulnerabilities/WordPress.Safe.Search.0.7.Reflected.Cross-site.Scripting/66

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/69762

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/45267

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42544

Scores

EPSS 0.0352

EPSS Percentile 87.7%

Details

CWE

CWE-79

Status published

Products (1)

wobeo/wp-safe-search 0.7

Published Dec 09, 2010

Tracked Since Feb 18, 2026