CVE-2012-5325

EUVD-2012-5248
Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
cartpaujshortcode-redirect
𝑥
≤ 1.0.01
cartpaujshortcode-redirect
1.0.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt
http://www.securityfocus.com/bid/51626
https://exchange.xforce.ibmcloud.com/vulnerabilities/72620
http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt
http://www.securityfocus.com/bid/51626
https://exchange.xforce.ibmcloud.com/vulnerabilities/72620