CVE-2011-5191

Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://wordpress.org/extend/plugins/pretty-link/changelog/	Vendor Advisory
http://plugins.trac.wordpress.org/changeset/473693/pretty-link	Exploit Patch

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.5.1:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.56:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.55:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.53:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.41:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.38:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.36:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.35:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.34:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.21:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.5.0:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.19:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.32:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.28:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.39:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.46:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.48:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.20:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.12:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.14:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.26:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.42:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.30:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.18:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.16:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.47:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.50:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.23:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.25:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.45:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.27:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.52:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.29:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.49:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.13:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.24:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.43:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.22:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.33:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.17:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.31:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.51:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.44:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin:1.4.15:::::::*
	cpe:2.3:a:blairwilliams:pretty_link_lite_plugin::::::::

cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

Information

Published : 2012-09-23 10:55

Updated : 2012-09-23 21:00

NVD link : CVE-2011-5191

Mitre link : CVE-2011-5191

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

blairwilliams

pretty_link_lite_plugin

wordpress

wordpress

4.3 /10