VDB
CVE-2012-4271
CVE-2012-4271
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter.
EPSS 0.20% · 41.7th percentile
Risk Scores
CVSS v2.0
4.300000190734863
EPSS Score
0.20%
41.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mark_jaquith | bad_behavior | 0, 2.2.0, 2.2.1 |
| wordpress | wordpress | |
| n/a | n/a | n/a |
Timeline
- Aug 13, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html url
- 53477 vdb
- http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807 url
- badbehavior-optionsgeneral-xss(75521) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2012-4271 advisory