CVE-2011-4618
Published 2013-01-24
Priority P4 · 25 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 10.08% (95.1th percentile)
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simplerealtytheme | advanced_text_widget_plugin | <= 2.0.1 | — |
No detection rules found.
Exploit-DB
WordPress Plugin Advanced Text Widget 2.0 - 'page' Cross-Site Scripting
exploitdb·2011-11-21
---
source: https://www.securityfocus.com/bid/50744/info
Advanced Text Widget plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Advanced Text Widget 2.0.0 is vulnerable; other versions may also be affected.
UPDATE Apr 18, 2012: Further reports indicate the issue reported may not be valid. This BID will be updated as more information emerges.
http://www.example.com/[path]/wp-content/plugins/a
Nuclei
Advanced Text Widget < 2.0.2 - Cross-Site Scripting
nuclei·CVSS 4.3
CVE-2011-4618 [MEDIUM] Advanced Text Widget < 2.0.2 - Cross-Site Scripting
Advanced Text Widget alert(document.domain)")'
- 'contains(body_1, "Advanced Text Widget")'
condition: and
# digest: 4a0a0047304502207cd24cbfff963d9f042823ab9946da6c24194958a6cfe882a1542b921964ab54022100f10f84eac8b803d598ed545568363f048f3e4526329d09fbbf66a512b1df66af:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2012-04/0119.html
http://plugins.trac.wordpress.org/changeset?reponame=&new=466102%40advanced-text-widget&old=465828%40advanced-text-widget
http://wordpress.org/extend/plugins/advanced-text-widget/changelog/
http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities
http://www.openwall.com/lists/oss-security/2011/12/19/6
http://www.securityfocus.com/archive/1/520589
http://www.securityfocus.com/bid/50744
https://exchange.xforce.ibmcloud.com/vulnerabilities/71412