CVE-2012-5325

Published: Oct 8, 2012Modified: Apr 29, 2026

2.1

Vector

AV:N/AC:H/Au:S/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.

Affected (2)

Products: Cartpauj: Shortcode Redirect

1 product

Shortcode Redirect

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cartpauj Shortcode Redirect	Up to 1.0.01
Cartpauj Shortcode Redirect	Version 1.0.00

Running on/with	Platform Versions
Wordpress Wordpress	All versions

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/51626

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/72620

Source: cve@mitre.org

http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/51626

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/72620

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.