CVE-2011-3860

Cover WP <1.6.6 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by jabdah · textwebappsphp
https://www.exploit-db.com/exploits/36183

References (2)

Scores

EPSS 0.0033
EPSS Percentile 55.6%

Classification

CWE
CWE-79
Status published

Affected Products (22)

onedesigns/cover_wp < 1.6.5
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
onedesigns/cover_wp
... and 7 more

Timeline

Published Sep 28, 2011
Tracked Since Feb 18, 2026