ByteOS Network

NVD Vulnerability Details :

CVE-2012-2916

Deferred

Source-cve@mitre.org

Published At-21 May, 2012 | 18:55

Updated At-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

dlo>>simple_anti_bot_registration_engine_plugin>>Versions up to 1.2.0(inclusive)

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:*:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.1.1

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.1.1:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.2.1

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.2.1:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.2.2

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.2.2:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.4.0

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.4.0:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.4.1

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.4.1:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.4.2

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.4.2:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.6.0

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.6.0:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.6.1

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.6.1:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.6.2

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.6.2:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.6.3

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.6.3:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.7.0

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.7.0:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.7.1

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.7.1:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.7.2

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.7.2:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.7.3

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.7.3:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.7.4

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.7.4:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.8.0

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.8.0:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>0.9.0

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:0.9.0:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>1.0.0

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:1.0.0:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>1.1.0

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:1.1.0:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>1.1.1

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:1.1.1:*:*:*:*:*:*:*

dlo>>simple_anti_bot_registration_engine_plugin>>1.1.2

cpe:2.3:a:dlo:simple_anti_bot_registration_engine_plugin:1.1.2:*:*:*:*:*:*:*

WordPress.org

>>wordpress>>*

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://packetstormsecurity.org/files/112692/WordPress-SABRE-1.2.0-Cross-Site-Scripting.html	cve@mitre.org	Exploit
http://plugins.trac.wordpress.org/changeset?old_path=%2Fsabre&old=534490&new_path=%2Fsabre&new=534490	cve@mitre.org	Exploit Patch
http://wordpress.org/extend/plugins/sabre/changelog/	cve@mitre.org	N/A
http://www.securityfocus.com/bid/53528	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/75615	cve@mitre.org	N/A
http://packetstormsecurity.org/files/112692/WordPress-SABRE-1.2.0-Cross-Site-Scripting.html	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://plugins.trac.wordpress.org/changeset?old_path=%2Fsabre&old=534490&new_path=%2Fsabre&new=534490	af854a3a-2127-422b-91ae-364da2661108	Exploit Patch
http://wordpress.org/extend/plugins/sabre/changelog/	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/53528	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/75615	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History