CVE-2011-4618
NUCLEISimplerealtytheme Advanced Text Widget Plugin < 2.0.1 - XSS
Title source: ruleDescription
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Exploits (1)
Nuclei Templates (1)
Advanced Text Widget < 2.0.2 - Cross-Site Scripting
MEDIUMby daffainfo
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71412
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50744
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520589
Product x_refsource_misc
http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities
Product x_refsource_confirm
http://plugins.trac.wordpress.org/changeset?reponame=&new=466102%40advanced-text-widget&old=465828%40advanced-text-widget
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/12/19/6
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-04/0119.html
Product x_refsource_confirm
http://wordpress.org/extend/plugins/advanced-text-widget/changelog/
Scores
EPSS
0.0487
EPSS Percentile
89.7%
Details
CWE
CWE-79
Status
published
Products (1)
simplerealtytheme/advanced_text_widget_plugin
< 2.0.1
Published
Jan 24, 2013
Tracked Since
Feb 18, 2026