CVE-2011-4926

EXPLOITED NUCLEI

Adminimize < 1.7.22 - Cross-Site Scripting via Page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2011-4926 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Am!r. A Nuclei detection template is also available.

AI-analyzed exploit summary This is a vulnerability writeup describing a cross-site scripting (XSS) flaw in the Adminimize WordPress plugin. The issue arises from improper sanitization of user-supplied input in the 'page' parameter, allowing arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Am!r · textwebappsphp
https://www.exploit-db.com/exploits/36325

This is a vulnerability writeup describing a cross-site scripting (XSS) flaw in the Adminimize WordPress plugin. The issue arises from improper sanitization of user-supplied input in the 'page' parameter, allowing arbitrary script execution in the context of the affected site.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Adminimize WordPress plugin 1.7.21
No auth needed
Prerequisites: Access to the vulnerable plugin endpoint
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Adminimize 1.7.22 - Cross-Site Scripting
MEDIUMby daffainfo

References (9)

Core 9
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/10/9
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/77472
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/05/10
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/520591/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50745
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/archive/1/520591
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71414

Scores

EPSS 0.1091
EPSS Percentile 95.4%

Details

VulnCheck KEV 2024-09-19
CWE
CWE-79
Status published
Products (50)
bueltge/adminimize 0.6.9
bueltge/adminimize 0.7
bueltge/adminimize 0.7.1
bueltge/adminimize 0.7.2
bueltge/adminimize 0.7.3
bueltge/adminimize 0.7.5
bueltge/adminimize 0.7.6
bueltge/adminimize 0.7.7
bueltge/adminimize 0.7.8
bueltge/adminimize 0.7.9
... and 40 more
Published Aug 29, 2012
Tracked Since Feb 18, 2026