CVE-2012-4263

Bit51 Better-wp-security < 3.2.4 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.

References (5)

[Various Sources] http://bit51.com/software/better-wp-security/changelog/

[Exploit] http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html

[Exploit, Patch] http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53480

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75523

Scores

EPSS 0.0028

EPSS Percentile 51.0%

Classification

CWE

CWE-79

Status published

Affected Products (50)

bit51/better-wp-security < 3.2.4

bit51/better-wp-security

... and 35 more

Timeline

Published Aug 13, 2012

Tracked Since Feb 18, 2026