CVE-2012-5349

Pay With Tweet < 1.1 - Cross-Site Scripting via Link, Title, or DL Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5349. PoCs published by Gianluca Brindisi.

AI-analyzed exploit summary The exploit details multiple vulnerabilities in the WordPress Pay With Tweet plugin, including blind SQL injection via shortcode and multiple XSS vulnerabilities in pay.php. It provides proof-of-concept examples for exploitation.

Description

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.

Exploits (1)

exploitdb WRITEUP
by Gianluca Brindisi · textwebappsphp
https://www.exploit-db.com/exploits/18330

The exploit details multiple vulnerabilities in the WordPress Pay With Tweet plugin, including blind SQL injection via shortcode and multiple XSS vulnerabilities in pay.php. It provides proof-of-concept examples for exploitation.

Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: Wordpress Pay With Tweet plugin <= 1.1
Auth required
Prerequisites: Ability to write a post/page for SQLi · Access to pay.php for XSS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72166
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51308
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18330
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/78205
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47475

Scores

EPSS 0.0303
EPSS Percentile 85.8%

Details

CWE
CWE-79
Status published
Products (1)
wordpress/pay-with-tweet < 1.1
Published Oct 09, 2012
Tracked Since Feb 18, 2026