WordPress <= 3.3.2 – Cross-Site Scripting (XSS) in wp-includes/default-filters.php | CVE 2012-6633

Affects WordPress

3.3.2

Fixed in WordPress 3.3.3

3.3.1

Fixed in WordPress 3.3.3

3.3

Fixed in WordPress 3.3.3

3.2.1

Fixed in WordPress 3.3.3

3.2

Fixed in WordPress 3.3.3

3.1.4

Fixed in WordPress 3.3.3

3.1.3

Fixed in WordPress 3.3.3

3.1.2

Fixed in WordPress 3.3.3

3.1.1

Fixed in WordPress 3.3.3

3.1

Fixed in WordPress 3.3.3

3.0.6

Fixed in WordPress 3.3.3

3.0.5

Fixed in WordPress 3.3.3

3.0.4

Fixed in WordPress 3.3.3

3.0.3

Fixed in WordPress 3.3.3

3.0.2

Fixed in WordPress 3.3.3

3.0.1

Fixed in WordPress 3.3.3

3.0

Fixed in WordPress 3.3.3

References

CVE

CVE-2012-6633

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Verified

No

WPVDB ID

06398549-e2ca-4370-afc9-fe66e8079465

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2020-10-25 (about 5 years ago)

Other

Published

Title

Published

2026-01-11

Title

Penci Filter Everything <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-08-14

Title

Webba Booking < 6.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2025-02-14

Title

Easy Elementor Addons < 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-06-06

Title

Colibri Page Builder < 1.0.277 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_video_player Shortcode

Published

2024-02-07

Title

WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode