CVE-2012-4263 - Vulnerability Details

Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bit51	Better-wp-security
Wordpress	Wordpress

Configuration 1 [-]

AND

OR	cpe:2.3:a:bit51:better-wp-security::::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha1::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha10::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha11::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha2::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha3::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha4::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha5::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha6::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha7::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha8::::::
	cpe:2.3:a:bit51:better-wp-security:-:alpha9::::::
	cpe:2.3:a:bit51:better-wp-security:0.1:alpha::::::
	cpe:2.3:a:bit51:better-wp-security:0.1:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.2:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.3:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.4:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.5:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.6:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.7:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.8:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.9:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.10:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.11:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.13:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.14:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.15:beta::::::
	cpe:2.3:a:bit51:better-wp-security:0.16:beta::::::
	cpe:2.3:a:bit51:better-wp-security:1.0:::::::*
	cpe:2.3:a:bit51:better-wp-security:1.1:::::::*
	cpe:2.3:a:bit51:better-wp-security:1.2:::::::*
	cpe:2.3:a:bit51:better-wp-security:1.3:::::::*
	cpe:2.3:a:bit51:better-wp-security:1.4:::::::*
	cpe:2.3:a:bit51:better-wp-security:1.5:::::::*
	cpe:2.3:a:bit51:better-wp-security:1.6:::::::*
	cpe:2.3:a:bit51:better-wp-security:1.7:::::::*
	cpe:2.3:a:bit51:better-wp-security:1.8:::::::*
	cpe:2.3:a:bit51:better-wp-security:1.8.1:::::::*
	cpe:2.3:a:bit51:better-wp-security:1.9:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.0:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.1:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.2:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.3:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.4:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.5:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.6:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.7:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.8:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.9:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.10:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.11:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.12:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.13:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.14:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.15:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.16:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.17:::::::*
	cpe:2.3:a:bit51:better-wp-security:2.18:::::::*
	cpe:2.3:a:bit51:better-wp-security:3.0:::::::*
	cpe:2.3:a:bit51:better-wp-security:3.0.1:::::::*
	cpe:2.3:a:bit51:better-wp-security:3.0.2:::::::*
	cpe:2.3:a:bit51:better-wp-security:3.0.3:::::::*
	cpe:2.3:a:bit51:better-wp-security:3.0.4:::::::*
	cpe:2.3:a:bit51:better-wp-security:3.0.5:::::::*
cpe:2.3:a:bit51:better-wp-security:3.0.6:::::::*
cpe:2.3:a:bit51:better-wp-security:3.0.7:::::::*
cpe:2.3:a:bit51:better-wp-security:3.0.8:::::::*
cpe:2.3:a:bit51:better-wp-security:3.0.9:::::::*
cpe:2.3:a:bit51:better-wp-security:3.0.10:::::::*
cpe:2.3:a:bit51:better-wp-security:3.0.11:::::::*
cpe:2.3:a:bit51:better-wp-security:3.0.12:::::::*
cpe:2.3:a:bit51:better-wp-security:3.1:::::::*
cpe:2.3:a:bit51:better-wp-security:3.2:::::::*
cpe:2.3:a:bit51:better-wp-security:3.2.1:::::::*
cpe:2.3:a:bit51:better-wp-security:3.2.2:::::::*
cpe:2.3:a:bit51:better-wp-security:3.2.3:::::::*
cpe:2.3:a:bit51:better-wp-security:3.2.5:::::::*

cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bit51.com/software/better-wp-security/changelog/
http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html
http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852
http://www.securityfocus.com/bid/53480
https://exchange.xforce.ibmcloud.com/vulnerabilities/75523

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-08-13T22:00:00

Updated: 2024-08-06T20:28:07.680Z

Reserved: 2012-08-13T00:00:00

Link: CVE-2012-4263

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-08-13T22:55:01.037

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-4263

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852"}, {"name": "53480", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53480"}, {"name": "betterwpsecurity-admin-xss(75523)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75523"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bit51.com/software/better-wp-security/changelog/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4263", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852", "refsource": "CONFIRM", "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852"}, {"name": "53480", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53480"}, {"name": "betterwpsecurity-admin-xss(75523)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75523"}, {"name": "http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html"}, {"name": "http://bit51.com/software/better-wp-security/changelog/", "refsource": "CONFIRM", "url": "http://bit51.com/software/better-wp-security/changelog/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:28:07.680Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852"}, {"name": "53480", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53480"}, {"name": "betterwpsecurity-admin-xss(75523)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75523"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bit51.com/software/better-wp-security/changelog/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4263", "datePublished": "2012-08-13T22:00:00", "dateReserved": "2012-08-13T00:00:00", "dateUpdated": "2024-08-06T20:28:07.680Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bit51:better-wp-security:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD289ADB-0EA2-49BD-8265-01C5268EC3D1", "versionEndIncluding": "3.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha1:*:*:*:*:*:*", "matchCriteriaId": "15DF5E1E-881C-43AC-95F7-BE8EB11BE0AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha10:*:*:*:*:*:*", "matchCriteriaId": "F18CEC5E-0A32-44D8-9E22-8B857DAD3133", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha11:*:*:*:*:*:*", "matchCriteriaId": "568C3E87-7AFD-465F-972D-7E956C53FA48", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha2:*:*:*:*:*:*", "matchCriteriaId": "1AC43B43-2D13-4F89-B606-BE0663419396", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha3:*:*:*:*:*:*", "matchCriteriaId": "B38F0642-2833-4FAB-B937-5FE6217E08CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha4:*:*:*:*:*:*", "matchCriteriaId": "136E3C16-0FA0-4A1D-8339-C251D81B8BB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha5:*:*:*:*:*:*", "matchCriteriaId": "FBFD9A86-F456-46B8-943F-FE5D47212411", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha6:*:*:*:*:*:*", "matchCriteriaId": "0B910013-BCA8-42B8-9479-9E30A6C9090C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha7:*:*:*:*:*:*", "matchCriteriaId": "4EEF5DA7-A0BF-4C66-9FF8-85157C60BA16", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha8:*:*:*:*:*:*", "matchCriteriaId": "141D1897-16E2-4C64-9C24-242EE70ACA16", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:-:alpha9:*:*:*:*:*:*", "matchCriteriaId": "6F90BEB2-5E00-44EF-AAC0-E4D4E2DBCB03", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "EE574A4D-0D5F-4886-A2A0-F3DF4457D596", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.1:beta:*:*:*:*:*:*", "matchCriteriaId": "3151C4D9-98C2-47F3-BC99-E3F3B9F57F65", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.2:beta:*:*:*:*:*:*", "matchCriteriaId": "41CD8677-F8C1-4843-A5E4-634C38BDF8A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.3:beta:*:*:*:*:*:*", "matchCriteriaId": "AF896294-800A-4EE1-BFF2-A9C992A8F075", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.4:beta:*:*:*:*:*:*", "matchCriteriaId": "2AD1425C-C6AF-4EFD-A0E8-99D3D210B0FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.5:beta:*:*:*:*:*:*", "matchCriteriaId": "22FB621C-F310-4B9F-A3FF-A4225199DF3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.6:beta:*:*:*:*:*:*", "matchCriteriaId": "F51A8704-73FB-4B23-9422-A11832626EE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.7:beta:*:*:*:*:*:*", "matchCriteriaId": "E13924F0-8CDA-4D18-A423-DC7362249BA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.8:beta:*:*:*:*:*:*", "matchCriteriaId": "60042CD4-3527-4C1F-90E1-EEE89140B84A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.9:beta:*:*:*:*:*:*", "matchCriteriaId": "B3E07A3C-6621-4FB2-89BD-CAF0565787A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.10:beta:*:*:*:*:*:*", "matchCriteriaId": "904BAF9D-66EE-4703-B5BE-D55A5AA50493", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.11:beta:*:*:*:*:*:*", "matchCriteriaId": "960AD1A5-302F-4B0F-BD9C-B06BC18777FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.13:beta:*:*:*:*:*:*", "matchCriteriaId": "448A5C8D-497E-448E-BA00-4F46A788160A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.14:beta:*:*:*:*:*:*", "matchCriteriaId": "A16B0B65-BBCE-42ED-84F3-8BC89789BD66", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.15:beta:*:*:*:*:*:*", "matchCriteriaId": "5E86C0DA-4C14-46F5-AAB4-A87A30D447DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:0.16:beta:*:*:*:*:*:*", "matchCriteriaId": "08EA28D0-A8DE-4742-B94C-06087CD484ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE57115A-4D74-4659-9DF9-D4BD3E2171D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "51A3D8FF-506A-427B-BA65-80A2C5B9C634", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F88FAEC8-894E-4915-A697-CE143777C58C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6F7190B9-DD1F-4C4B-BFDC-45BBD3DABAED", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CBFB5FE1-6D7F-4FCE-A262-EFF7AFED89A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "D9D026B8-1D64-42A1-911F-156F963F8074", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1CAF8E91-FAC8-42B0-9FF0-04931EACAFBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "29C02177-49AC-44F8-BE2A-62FB99773F6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "DCB53453-DDE4-4F9A-ACF4-DFD158FF42FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "5ED17B1A-AF5C-4A33-B6B7-143DEF80F22E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "5A44A3AC-B458-4DBF-A5A9-AD6970997C8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9F57345-4FFB-4665-819C-E4B5C0415B29", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "85CB091A-F9C2-4757-B76D-D812222881BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DCF5D0F9-A3C8-4611-9127-1AC097EA9A5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7EA8ABA9-AC31-49B5-8F66-5BAC0C677B4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9DCB48EE-DA9E-432E-92B9-E41D8F1F2100", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6C240700-D480-4161-9E04-20A546DE3923", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "CAC22ED4-A7EC-4F2B-93DB-4F404B4E70FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "FC911E45-C939-4A99-85B0-FAE1686E6E10", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "6EADF84F-B8C1-47F4-B7B1-5E35F3EF80C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "4EC058F4-F148-4A75-834F-D1FEB2EC9284", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "5CDEAA24-C336-4E7E-885D-98ADB10542AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "18031033-01A4-409B-82C1-0B7DCB6292C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "5B1C844A-1A13-46E2-99D6-3941AB6BD949", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "0F286BD8-27C8-4931-A939-D5BEF0260BA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "E3B65A00-C937-45D9-8293-FA9F64F1DC4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "7D4B4690-8511-490A-BB54-170B08537636", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "54D2CB69-44DA-4B4B-AC54-52791D797FB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "0C0D090B-43AE-4C30-B1E9-8C5A29AECA34", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "95326200-4C92-4CD0-B29A-50635170854C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CF278881-C1FE-4758-A847-846576491EF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2D5AC8F-0DEA-4E6A-92D2-7AC0BE1C3D65", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "479EE262-7BA6-4090-95A8-FA4C74AFC5D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8000058-6F52-47DE-BD8F-6C7192D23948", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2CBB8546-6A0A-4FB7-8A5D-B0A7041643F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1EE8226D-8360-43B4-87E0-0F7BC628945C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AF83D2F0-6912-4945-B3D3-24AFB203A5AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "653E7131-7DFB-4117-B420-160B2D15E87A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4E3DF4B-8D38-4273-BEB2-C371A5B79560", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B567B860-BA79-4E02-BE30-05AE4C58E212", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "E1A9F1B6-0AF9-4086-8FFA-22C252DB9202", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "17E76B6E-E087-4F3D-BDBB-187225D5B9E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "5A5D0FA8-4D8E-41DB-A152-29EA500A52A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DFF4FF53-1DA5-45AF-924C-156D6A019136", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA4F93D2-E669-462A-8A45-2551F143E00D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E4FFD9EB-7046-4BB8-BBA0-5121198CB8CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19B3DDC7-D8E3-4F44-98C2-827F08260DFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A18561D4-72F0-466F-B7C6-2E791163A20A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bit51:better-wp-security:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "8212DE1B-615D-4915-A43C-67752C8D60E4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en inc/admin/content.php en el plugin 'Better WP Security' (better_wp_security) para WordPress antes de v3.2.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la cabecera HTTP_USER_AGENT.\r\n"}], "id": "CVE-2012-4263", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-08-13T22:55:01.037", "references": [{"source": "cve@mitre.org", "url": "http://bit51.com/software/better-wp-security/changelog/"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53480"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75523"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bit51.com/software/better-wp-security/changelog/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75523"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object