Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-2917. PoCs published by Heine Pedersen.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Share and Follow WordPress plugin by injecting malicious script code into the 'CDN API Key' field, which executes in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Share and Follow WordPress plugin by injecting malicious script code into the 'CDN API Key' field, which executes in the context of the affected site.