XSS in Mg12 Wp-recentcomments

CVE-2012-1068

Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.021 (79.7th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2012-1068?
CVE-2012-1068 is a vulnerability in Mg12 Wp-recentcomments, classified under Cross-site Scripting. Published 2012-02-14.
Is CVE-2012-1068 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.