WordPress Plugin Vulnerabilities

LeagueManager <= 3.7 - wp-admin/admin.php Multiple Parameter XSS

Description

The LeagueManager WordPress plugin was affected by a wp-admin/admin.php Multiple Parameter XSS security vulnerability.

Affects Plugins

Plugin icon
leaguemanager
No known fix

References

CVE
CVE-2012-2912
URL
https://packetstormsecurity.com/files/#112698/
URL
https://exchange.xforce.ibmcloud.com/vulnerabilities/75629

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
f50da54a-6d5e-46b7-81a9-dc54fdb2d3ff

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-11-28 (about 6 years ago)

Other

Published
Title
Published
2026-02-18
Title
Tennis Court Bookings <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings and Calendar Parameters
Published
2024-07-01
Title
The Post Grid < 7.7.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag
Published
2014-08-01
Title
Simple Balance <= 2.2.1 - index.php s Parameter XSS
Published
2023-01-17
Title
TemplatesNext ToolKit < 3.2.8 - Contributor+ Stored XSS
Published
2024-08-12
Title
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) < 5.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Gallery and Countdown Widgets