CVE-2012-2759

WordPress <3.0.4.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.

References (6)

Scores

EPSS 0.0020
EPSS Percentile 42.3%

Classification

CWE
CWE-79
Status published

Affected Products (15)

netweblogic/login_with_ajax < 3.0.4
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
netweblogic/login_with_ajax
n/a/n/a

Timeline

Published May 22, 2012
Tracked Since Feb 18, 2026