CVE-2012-4273
NUCLEI2-click-social-media-buttons < 0.34 - Cross-Site Scripting via xing-url Parameter
Title source: llmExploitation Summary
CVE-2012-4273 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.
Nuclei Templates (1)
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
MEDIUMby daffainfo
References (4)
Core 4
Core References
Exploit, Patch x_refsource_confirm
http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75518
Exploit x_refsource_misc
http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html
Product x_refsource_confirm
http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/
Scores
EPSS
0.0096
EPSS Percentile
77.0%
Details
CWE
CWE-79
Status
published
Products (36)
ppfeufer/2-click-social-media-buttons
0.1
ppfeufer/2-click-social-media-buttons
0.2
ppfeufer/2-click-social-media-buttons
0.3
ppfeufer/2-click-social-media-buttons
0.10
ppfeufer/2-click-social-media-buttons
0.11 (3 CPE variants)
ppfeufer/2-click-social-media-buttons
0.12
ppfeufer/2-click-social-media-buttons
0.13
ppfeufer/2-click-social-media-buttons
0.14
ppfeufer/2-click-social-media-buttons
0.15
ppfeufer/2-click-social-media-buttons
0.16
... and 26 more
Published
Aug 13, 2012
Tracked Since
Feb 18, 2026