CVE-2012-0934
Theme Tuner Plugin < 0.7 - Remote Code Execution via tt-abspath Parameter
Title source: manualDescription
PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter.
References (6)
Core 6
Core References
Exploit x_refsource_misc
http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/
Product x_refsource_confirm
http://plugins.trac.wordpress.org/changeset/492167/theme-tuner#file2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47722
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72626
Patch x_refsource_confirm
http://wordpress.org/extend/plugins/theme-tuner/changelog/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51636
Scores
EPSS
0.0808
EPSS Percentile
94.1%
Details
CWE
CWE-94
Status
published
Products (6)
zingiri/theme_tuner_plugin
0.1
zingiri/theme_tuner_plugin
0.2
zingiri/theme_tuner_plugin
0.3
zingiri/theme_tuner_plugin
0.4
zingiri/theme_tuner_plugin
0.6
zingiri/theme_tuner_plugin
< 0.7
Published
Jan 29, 2012
Tracked Since
Feb 18, 2026