CVE-2012-2403

WordPress <3.3.2 - XSS

Title source: llm

Description

wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

References (10)

Scores

EPSS 0.0313
EPSS Percentile 86.7%

Classification

CWE
CWE-79
Status published

Affected Products (50)

wordpress/wordpress < 3.3.1
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
... and 35 more

Timeline

Published Apr 21, 2012
Tracked Since Feb 18, 2026