CVE-2011-4926

EXPLOITED NUCLEI

Bueltge Adminimize < 1.7.21 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Am!r · textwebappsphp

https://www.exploit-db.com/exploits/36325

View Code ZIP pw:eip

Nuclei Templates (1)

Adminimize 1.7.22 - Cross-Site Scripting

MEDIUMby daffainfo

References (9)

[Product] http://plugins.trac.wordpress.org/changeset?reponame=&new=467338%40adminimize&old=466900%40adminimize#file5

[Product] http://wordpress.org/extend/plugins/adminimize/changelog/

[Third Party Advisory, VDB Entry] http://www.osvdb.org/77472

[Exploit] http://www.securityfocus.com/bid/50745

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71414

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/520591

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/520591/100/0/threaded

[Mailing List] http://www.openwall.com/lists/oss-security/2012/01/05/10

[Mailing List] http://www.openwall.com/lists/oss-security/2012/01/10/9

Scores

EPSS 0.0673

EPSS Percentile 91.2%

Exploitation Intel

VulnCheck KEV 2024-09-19

Classification

CWE

CWE-79

Status published

Affected Products (50)

bueltge/adminimize < 1.7.21

bueltge/adminimize

... and 35 more

Timeline

Published Aug 29, 2012

Tracked Since Feb 18, 2026