CVE-2011-3852

WordPress EvoLve <1.2.6 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SiteWatch · textwebappsphp

https://www.exploit-db.com/exploits/36182

View Code ZIP pw:eip

References (1)

[Exploit, URL Repurposed] https://sitewat.ch/en/Advisories/10

Scores

EPSS 0.0037

EPSS Percentile 58.6%

Classification

CWE

CWE-79

Status published

Affected Products (28)

theme4press/evolve < 1.2.5

theme4press/evolve

... and 13 more

Timeline

Published Sep 28, 2011

Tracked Since Feb 18, 2026