CVE-2012-0782

WordPress <3.3.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance

Exploits (1)

exploitdb WORKING POC VERIFIED
by Trustwave's SpiderLabs · textwebappsphp
https://www.exploit-db.com/exploits/18417

References (3)

Scores

EPSS 0.0139
EPSS Percentile 80.2%

Classification

CWE
CWE-79
Status published

Affected Products (50)

wordpress/wordpress < 3.3.1
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
... and 35 more

Timeline

Published Jan 30, 2012
Tracked Since Feb 18, 2026