Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2012-0782 — Cross-site Scripting in WordPress
Severity
4.3 MEDIUM (NVD)
EPSS
1.4%
top 19.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jan 30
Latest update: May 17
Description
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance.
CVSS vector
AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9
Affected Packages: 2 packages
Vulnerability Details (3)
GHSA
GHSA-whf8-2944-v69h: ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config (2022-05-17)
OSV
CVE-2012-0782: ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config (2012-01-30)
OSV
CVE-2012-0782: Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config (2012-01-30)
Exploits & PoCs (1)
Vendor Advisories (1)
Debian
CVE-2012-0782: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php... (2012)