CVE-2012-2404

WordPress <3.3.2 - XSS

Title source: llm

Description

wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

References (9)

Scores

EPSS 0.0233
EPSS Percentile 84.6%

Classification

CWE
CWE-79
Status published

Affected Products (50)

wordpress/wordpress < 3.3.1
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
wordpress/wordpress
... and 35 more

Timeline

Published Apr 21, 2012
Tracked Since Feb 18, 2026