CVE-2011-5082
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
19/03/2012
Last modified:
11/04/2025
Description
Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin before 111220 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s2member_pro_authnet_checkout[coupon] parameter (aka Coupon Code field).
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:s2member:s2member:*:*:*:*:*:*:*:* | 111216 (including) | |
| cpe:2.3:a:s2member:s2member:110604:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110605:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110606:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110617:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110620:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110708:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110709:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110710:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110731:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110812:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110815:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110912:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110913:*:*:*:*:*:*:* | ||
| cpe:2.3:a:s2member:s2member:110915:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/47954
- http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982
- http://www.securityfocus.com/bid/51997
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73202
- http://secunia.com/advisories/47954
- http://www.primothemes.com/forums/viewtopic.php?f=4&t=16173#p56982
- http://www.securityfocus.com/bid/51997
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73202