CVE-2011-5128

Severity: Unknown; EPSS 1.65%

Last modified

CVE-2011-5128 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926. EPSS estimates a 1.65% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926.

Metrics

EPSS Probability
1.65%

73.5th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor   Product     Versions
Bueltge  Adminimize  <= 1.7.21
Bueltge  Adminimize  0.6.9
Bueltge  Adminimize  0.7
Bueltge  Adminimize  0.7.1
Bueltge  Adminimize  0.7.2
Bueltge  Adminimize  0.7.3
Bueltge  Adminimize  0.7.5
Bueltge  Adminimize  0.7.6
Bueltge  Adminimize  0.7.7
Bueltge  Adminimize  0.7.8
Bueltge  Adminimize  0.7.9
Bueltge  Adminimize  0.8
Bueltge  Adminimize  0.8.1
Bueltge  Adminimize  1.0
Bueltge  Adminimize  1.1
Bueltge  Adminimize  1.2
Bueltge  Adminimize  1.3
Bueltge  Adminimize  1.4
Bueltge  Adminimize  1.4.1
Bueltge  Adminimize  1.4.2
Bueltge  Adminimize  1.4.3-6
Bueltge  Adminimize  1.4.7
Bueltge  Adminimize  1.5
Bueltge  Adminimize  1.5.1
Bueltge  Adminimize  1.5.2
Bueltge  Adminimize  1.5.3-8
Bueltge  Adminimize  1.6.1
Bueltge  Adminimize  1.6.3
Bueltge  Adminimize  1.6.4
Bueltge  Adminimize  1.6.5
Bueltge  Adminimize  1.6.6-7
Bueltge  Adminimize  1.6.8
Bueltge  Adminimize  1.6.9
Bueltge  Adminimize  1.7
Bueltge  Adminimize  1.7.1
Bueltge  Adminimize  1.7.2
Bueltge  Adminimize  1.7.3
Bueltge  Adminimize  1.7.4
Bueltge  Adminimize  1.7.5
Bueltge  Adminimize  1.7.6
Bueltge  Adminimize  1.7.7
Bueltge  Adminimize  1.7.8
Bueltge  Adminimize  1.7.9
Bueltge  Adminimize  1.7.10
Bueltge  Adminimize  1.7.11
Bueltge  Adminimize  1.7.12
Bueltge  Adminimize  1.7.13
Bueltge  Adminimize  1.7.14
Bueltge  Adminimize  1.7.15
Bueltge  Adminimize  1.7.16

Showing 50 of 54 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2011-5128?
Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926.
How severe is CVE-2011-5128?
Severity scoring for CVE-2011-5128 is pending analysis. The EPSS model estimates a 1.65% probability of exploitation in the next 30 days.
How do I fix CVE-2011-5128?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST