CVE-2011-4618

NUCLEI

Simplerealtytheme Advanced Text Widget Plugin < 2.0.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Amir · textwebappsphp

https://www.exploit-db.com/exploits/36324

View Code ZIP pw:eip

Nuclei Templates (1)

Advanced Text Widget < 2.0.2 - Cross-Site Scripting

MEDIUMby daffainfo

References (8)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2012-04/0119.html

[Product] http://plugins.trac.wordpress.org/changeset?reponame=&new=466102%40advanced-text-widget&old=465828%40advanced-text-widget

[Product] http://wordpress.org/extend/plugins/advanced-text-widget/changelog/

[Product] http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities

[Exploit] http://www.securityfocus.com/archive/1/520589

[Exploit] http://www.securityfocus.com/bid/50744

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71412

[Mailing List] http://www.openwall.com/lists/oss-security/2011/12/19/6

Scores

EPSS 0.0487

EPSS Percentile 89.5%

Details

CWE

CWE-79

Status published

Products (2)

simplerealtytheme/advanced_text_widget_plugin < 2.0.1

n/a/n/a

Published Jan 24, 2013

Tracked Since Feb 18, 2026