PT-2014-2399 · WordPress · Media Library Categories

Published

2014-01-16

Updated

2014-01-17

CVE-2012-6630

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Media Library Categories plugin version 1.1.1

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the bulk parameter to "media-library-categories/add.php" or the q parameter to "media-library-categories/view.php".

Recommendations For Media Library Categories plugin version 1.1.1, consider disabling access to the "media-library-categories/add.php" and "media-library-categories/view.php" endpoints until a patch is available. Avoid using the bulk and q parameters in these endpoints to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2012-6630

Affected Products

Media Library Categories

PT-2014-2399 · WordPress · Media Library Categories

CVE-2012-6630

Weakness Enumeration

Related Identifiers

Affected Products

References · 4