CVE-2011-5082
s2Member® Framework (Membership, Member Level Roles, Access Capabilities, PayPal Members) < 111220 - Cross-Site Scripting
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field).
Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el plugin de WordPress 's2Member Pro' antes de v111220 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro s2member_pro_authnet_checkout [coupon](también conocido como Código de cupón).
*Credits:
Chris Martin
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-02-12 CVE Published
- 2012-03-19 CVE Reserved
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/51997 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73202 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/47954 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | <= 111216 Search vendor "S2member" for product "S2member" and version " <= 111216" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110604 Search vendor "S2member" for product "S2member" and version "110604" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110605 Search vendor "S2member" for product "S2member" and version "110605" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110606 Search vendor "S2member" for product "S2member" and version "110606" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110617 Search vendor "S2member" for product "S2member" and version "110617" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110620 Search vendor "S2member" for product "S2member" and version "110620" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110708 Search vendor "S2member" for product "S2member" and version "110708" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110709 Search vendor "S2member" for product "S2member" and version "110709" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110710 Search vendor "S2member" for product "S2member" and version "110710" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110731 Search vendor "S2member" for product "S2member" and version "110731" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110812 Search vendor "S2member" for product "S2member" and version "110812" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110815 Search vendor "S2member" for product "S2member" and version "110815" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110912 Search vendor "S2member" for product "S2member" and version "110912" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110913 Search vendor "S2member" for product "S2member" and version "110913" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110915 Search vendor "S2member" for product "S2member" and version "110915" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110926 Search vendor "S2member" for product "S2member" and version "110926" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 110927 Search vendor "S2member" for product "S2member" and version "110927" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 111002 Search vendor "S2member" for product "S2member" and version "111002" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 111003 Search vendor "S2member" for product "S2member" and version "111003" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 111011 Search vendor "S2member" for product "S2member" and version "111011" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 111017 Search vendor "S2member" for product "S2member" and version "111017" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 111029 Search vendor "S2member" for product "S2member" and version "111029" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 111105 Search vendor "S2member" for product "S2member" and version "111105" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|
| S2member Search vendor "S2member" | S2member Search vendor "S2member" for product "S2member" | 111206 Search vendor "S2member" for product "S2member" and version "111206" | - |
Affected
| in | Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | * | - |
Safe
|