2 matches found
CVE-2012-5349
The CVE refers to multiple stored/reflected XSS flaws in WordPress Pay With Tweet plugin’s pay.php, affects versions before 1.2. An attacker can inject arbitrary script/HTML via the link, title, or dl parameters, potentially impacting site integrity and user sessions. The issue is mitigated by up...
CVE-2012-5350
CVE-2012-5350 affects the WordPress Pay With Tweet plugin (before 1.2). The vulnerability is a SQL injection in the paywithtweet shortcode, exploitable by remote authenticated users with certain permissions via the id parameter. This can lead to arbitrary SQL execution with the permissions of the...