CVE-2009-4169
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
02/12/2009
Last modified:
09/04/2025
Description
Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:*:*:*:*:*:*:*:* | 1.21 (including) | |
| cpe:2.3:a:roytanck:wp-cumulus:1.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.03:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.04:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.05:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:roytanck:wp-cumulus:1.16:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.roytanck.com/2009/09/27/wp-cumulus-1-22-fixes-a-security-hole-please-upgrade/
- http://www.securityfocus.com/bid/37102
- http://www.vupen.com/english/advisories/2009/3322
- http://www.roytanck.com/2009/09/27/wp-cumulus-1-22-fixes-a-security-hole-please-upgrade/
- http://www.securityfocus.com/bid/37102
- http://www.vupen.com/english/advisories/2009/3322