CVE-2012-2371

NUCLEI

WP-FaceThumb 0.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by d3v1l · textwebappsphp

https://www.exploit-db.com/exploits/37155

View Code ZIP pw:eip

Nuclei Templates (1)

WP-FaceThumb 0.1 - Cross-Site Scripting

MEDIUMby daffainfo

References (6)

[Exploit] http://packetstormsecurity.org/files/112658/WordPress-WP-FaceThumb-Gallery-0.1-Cross-Site-Scripting.html

[Vendor Advisory] http://secunia.com/advisories/49143

[Product] http://wordpress.org/support/topic/plugin-wp-facethumb-reflected-xss-vulnerability-cwe-79

[Exploit] http://www.securityfocus.com/bid/53497

[Mailing List] http://www.openwall.com/lists/oss-security/2012/05/15/12

[Mailing List] http://www.openwall.com/lists/oss-security/2012/05/16/1

Scores

EPSS 0.0496

EPSS Percentile 89.6%

Classification

CWE

CWE-79

Status published

Affected Products (2)

mnt-tech/wp-facethumb

n/a/n/a

Timeline

Published Aug 13, 2012

Tracked Since Feb 18, 2026