Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2009-12-02T18:30:00.343
2025-04-09T00:30:58.490
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | wordpress | wordpress | * | No |
| Application | roytanck | wp-cumulus | ≤ 1.21 | Yes |
| Application | roytanck | wp-cumulus | 1.00 | Yes |
| Application | roytanck | wp-cumulus | 1.1 | Yes |
| Application | roytanck | wp-cumulus | 1.01 | Yes |
| Application | roytanck | wp-cumulus | 1.02 | Yes |
| Application | roytanck | wp-cumulus | 1.03 | Yes |
| Application | roytanck | wp-cumulus | 1.04 | Yes |
| Application | roytanck | wp-cumulus | 1.05 | Yes |
| Application | roytanck | wp-cumulus | 1.11 | Yes |
| Application | roytanck | wp-cumulus | 1.12 | Yes |
| Application | roytanck | wp-cumulus | 1.13 | Yes |
| Application | roytanck | wp-cumulus | 1.14 | Yes |
| Application | roytanck | wp-cumulus | 1.15 | Yes |
| Application | roytanck | wp-cumulus | 1.16 | Yes |
| Application | roytanck | wp-cumulus | 1.17 | Yes |
| Application | roytanck | wp-cumulus | 1.18 | Yes |
| Application | roytanck | wp-cumulus | 1.19 | Yes |
| Application | roytanck | wp-cumulus | 1.20 | Yes |