CVE-2012-4271
Bad Behavior < 2.0.47 and 2.2.x < 2.2.5 - Cross-Site Scripting via Multiple Parameters
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53477
Exploit, Patch x_refsource_confirm
http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75521
Scores
EPSS
0.0020
EPSS Percentile
41.6%
Details
CWE
CWE-79
Status
published
Products (7)
mark_jaquith/bad_behavior
2.2.0
mark_jaquith/bad_behavior
2.2.1
mark_jaquith/bad_behavior
2.2.2
mark_jaquith/bad_behavior
2.2.3
mark_jaquith/bad_behavior
2.2.4
mark_jaquith/bad_behavior
< 2.0.46
wordpress/wordpress
Published
Aug 13, 2012
Tracked Since
Feb 18, 2026