CVE-2012-5349 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link (2) title or (3) dl parameter.

Reference

http://secunia.com/advisories/47475 http://wordpress.org/extend/plugins/pay-with-tweet/changelog/ http://www.exploit-db.com/exploits/18330 http://www.osvdb.org/78205 http://www.securityfocus.com/bid/51308 https://exchange.xforce.ibmcloud.com/vulnerabilities/72166