WordPress Plugin Vulnerabilities

Better WP Security <= 3.2.4 - Cross-Site Scripting (XSS)

Description

The iThemes Security (formerly Better WP Security) WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
better-wp-security
Fixed in 3.2.5

References

CVE
CVE-2012-4263
CVE
CVE-2012-4264
URL
https://packetstormsecurity.com/files/#112617/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
bc1e3530-e131-44ec-a261-1e2776d57917

Timeline

Publicly Published
2012-05-11 (about 14 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-11-28 (about 6 years ago)

Other

Published
Title
Published
2016-03-31
Title
WP External Links <= 1.80 - Multiple Cross-Site Scripting (XSS)
Published
2025-05-07
Title
Blockspare < 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-03-21
Title
FancyBox <= 1.0.1 - Reflected Cross-Site Scripting
Published
2023-01-31
Title
Namaste! LMS < 2.5.9.4 - Admin+ Stored XSS
Published
2014-08-01
Title
Shortcode Redirect <= 1.0.01 - Stored Cross Site Scripting