.. / CVE-2012-5913

Exploit for WordPress Integrator 1.32 - Cross-Site Scripting (CVE-2012-5913)

Description:

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.

Nuclei Template

View the template here CVE-2012-5913.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2012/CVE-2012-5913.yaml
Copy

References:

http://packetstormsecurity.org/files/111249/WordPress-Integrator-1.32-Cross-Site-Scripting.html
http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/74475
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-integrator-redirect_to-parameter-cross-site-scripting-1-32/
https://nvd.nist.gov/vuln/detail/CVE-2012-5913