CVE-2011-5257

Appthemes Classipress < 3.1.4 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Paul Loftness · textwebappsphp

https://www.exploit-db.com/exploits/18053

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://docs.appthemes.com/classipress/classipress-version-3-1-5/

[Vendor Advisory] http://secunia.com/advisories/46658

[Exploit] http://www.exploit-db.com/exploits/18053

[Third Party Advisory, VDB Entry] http://www.osvdb.org/76712

Scores

EPSS 0.0422

EPSS Percentile 88.6%

Details

CWE

CWE-79

Status published

Products (6)

appthemes/classipress < 3.1.4

appthemes/classipress

appthemes/classipress

appthemes/classipress

appthemes/classipress

n/a/n/a

Published Feb 12, 2013

Tracked Since Feb 18, 2026