2 matches found
CVE-2012-2371
WP-FaceThumb plugin for WordPress (version 0.1) has a reflected XSS in index.php, exploitable via the pagination_wp_facethumb parameter. The NVD description confirms the vulnerability enables remote injection of arbitrary scripts/HTML. The connected Nuclei template reiterates the XSS in WP-FaceTh...
CVE-2014-4585
The CVE-2014-4585 entry concerns the WP-FaceThumb WordPress plugin (likely 1.0 and earlier) suffering a Cross‑site Scripting (XSS) vulnerability. According to the records, an attacker could inject arbitrary script or HTML via the ajax_url parameter to index.php, enabling remote code/input manipul...