CVE-2012-5350

Pay With Tweet <1.2 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5350. PoCs published by Gianluca Brindisi.

AI-analyzed exploit summary The exploit details multiple vulnerabilities in the WordPress Pay With Tweet plugin, including blind SQL injection via shortcode and multiple XSS vulnerabilities in pay.php. It provides proof-of-concept examples for exploitation.

Description

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.

Exploits (1)

exploitdb WRITEUP
by Gianluca Brindisi · textwebappsphp
https://www.exploit-db.com/exploits/18330

The exploit details multiple vulnerabilities in the WordPress Pay With Tweet plugin, including blind SQL injection via shortcode and multiple XSS vulnerabilities in pay.php. It provides proof-of-concept examples for exploitation.

Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: Wordpress Pay With Tweet plugin <= 1.1
Auth required
Prerequisites: Ability to write a post/page for SQLi · Access to pay.php for XSS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/78204
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51308
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18330
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72165
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47475

Scores

EPSS 0.0238
EPSS Percentile 81.7%

Details

CWE
CWE-89
Status published
Products (1)
wordpress/pay-with-tweet < 1.1
Published Oct 09, 2012
Tracked Since Feb 18, 2026