Published: 12/02/2013 Updated: 13/02/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme prior to 3.1.5 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.

Vulnerable Product	Search on Vulmon	Subscribe to Product
appthemes classipress 3.1.5
appthemes classipress 3.1.3
appthemes classipress 3.0.5.2
appthemes classipress
appthemes classipress 3.0.5.3

# Exploit Title: WordPress Classipress Theme <= 314 Stored XSS # Date: 2011-09-26 # Author: Paul Loftness # Contact:attackvectorlabsblogspotcom # Vendor: Appthemes LLc # Product Web Page: wwwappthemescom/themes/classipress/ # Version: <=314 # Tested Versions: 314, 3053 Summary: ------------------------- ClassiPre ...

CWE-79 http://www.osvdb.org/76712 http://secunia.com/advisories/46658 http://www.exploit-db.com/exploits/18053 http://docs.appthemes.com/classipress/classipress-version-3-1-5/https://nvd.nist.gov https://www.exploit-db.com/exploits/18053/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-5257

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect