CVE-2011-5106

NUCLEI

Fractalia Flexible Custom Post Type - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Am!r · textwebappsphp

https://www.exploit-db.com/exploits/36317

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting

MEDIUMby daffainfo

References (5)

[Exploit, Patch] http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type

[Vendor Advisory] http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog/

[Exploit] http://www.securityfocus.com/bid/50719

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71415

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/520542/100/0/threaded

Scores

EPSS 0.0181

EPSS Percentile 82.7%

Classification

CWE

CWE-79

Status published

Affected Products (5)

fractalia/flexible_custom_post_type

n/a/n/a

Timeline

Published Aug 23, 2012

Tracked Since Feb 18, 2026