CVE-2011-5106
NUCLEIFlexible Custom Post Type < 0.1.7 - Cross-Site Scripting via edit-post.php id Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-5106. PoCs published by Am!r. A Nuclei detection template is also available.
AI-analyzed exploit summary The exploit describes a cross-site scripting (XSS) vulnerability in the Flexible Custom Post Type plugin for WordPress. It fails to sanitize user-supplied input, allowing arbitrary script execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Exploits (1)
The exploit describes a cross-site scripting (XSS) vulnerability in the Flexible Custom Post Type plugin for WordPress. It fails to sanitize user-supplied input, allowing arbitrary script execution in the context of the affected site.