CVE-2012-2371

Name of the Vulnerable Software and Affected Versions WP-FaceThumb plugin version 0.1

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the pagination wp facethumb parameter in the index.php file.

Recommendations For WP-FaceThumb plugin version 0.1, consider disabling the vulnerable parameter pagination wp facethumb in the index.php file until a patch is available. Restrict access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.