Description
Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Aditya Balapure · text · webapps · php
https://www.exploit-db.com/exploits/38373
References (7)
Core References
Vendor Advisory x_refsource_confirm
http://wordpress.org/extend/plugins/terillion-reviews/changelog/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/82727
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-03/0055.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/91123
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/120730/WordPress-Terillion-Reviews-Cross-Site-Scripting.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58415
Product x_refsource_confirm
http://plugins.trac.wordpress.org/changeset/683838/terillion-reviews
Scores
EPSS
0.0621
EPSS Percentile
90.9%
Details
CWE
CWE-79
Status
published
Products (1)
terillion/terillion_reviews_plugin
< 1.1
Published
Mar 22, 2013
Tracked Since
Feb 18, 2026