FKIE_CVE-2012-1834
Vulnerability from fkie_nvd - Published: 2014-04-07 15:55 - Updated: 2026-06-16 23:40
Severity
Summary
Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php.
References
Impacted products
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "231B1684-B5E2-4366-B961-063D23F6E3A4",
"versionEndIncluding": "0.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "413069BD-21C2-40F5-960B-130FFC9EE947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.1a:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2D1553E5-3EA6-4552-82C2-D4662462AB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "333F8D91-06FC-42EF-A7A2-68226C6A5B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F9713986-D854-4D0E-80FF-5E7B890E6BFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "50C1ED83-E591-419B-AF2F-AF8DFAB756E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4D3E53F0-3059-4F3C-A8F2-0632AE908817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "3C2EEE37-1D45-444E-B02C-91C854EEF513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "698C0E0A-8CC3-4523-977B-7CB46CE6C057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4AC7AA05-71FA-4EB1-B9ED-80209B8EDD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "77A111EC-6E43-4E5D-BCF3-349359B0429A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "655C0829-3FDC-4AFB-93FB-8E2AE91F51EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C9D2AF0D-7CF7-4385-AF28-6AECB028246B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "113DCD65-F7D4-4D82-94C5-262171DDAE30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F474DDF8-4121-4370-B63C-A15931DD613F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "74ED46BD-24A8-4A1E-B69A-21DD93DE9F8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EBF924E5-ACA2-49F2-A5F1-36A9219285C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "66DDBA63-9718-4891-8A6E-4F77366A571F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8F51AF88-474E-4D16-916F-CF495F1E055E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B50B32BE-8FF8-4CD2-BDEF-7A796A563D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "5354911A-9C4F-4037-B611-8DE0F7AA4109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9552B085-2C3E-4295-9014-14C818D185F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4470BB00-681E-4B7D-A9B4-D33E9882372A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D1EC6050-115C-48BF-BEB7-35B596916854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "262CE0D5-A74E-46D4-9C33-FAD77CA9EDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C731DADF-5E43-47B4-BA79-F6617BB892F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "85812DD4-7CEE-466C-A3B3-5BFBE4683DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7AE76495-A7E2-4191-8588-9A58164F9016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D5B21BCF-D184-4915-9D77-94A1F94F4B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4340724C-5050-449A-AD0A-D1552F460620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "32D7F845-B24C-4BFE-A27B-5BDFD1BF49ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "177C4352-3B64-4DF3-999E-FEADCEA66E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "730A2CC9-4AAA-4AE0-908E-79AB0E5B8671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "3D9AB355-D639-4853-AA5C-B1297141A609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7572AB9C-B00A-42AD-A890-3157A53F470D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "036538F8-D1E8-4B80-B4B8-0119F659D37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8709D5C2-5999-4516-9BAF-F9A6F5F1E75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.10:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9B684B0C-6A96-4D8D-906E-5FC0BE83D746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.11:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "06D2F0E8-CD0E-4202-B57B-B724A043C9E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.12:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "212D4174-6A22-4E64-B6BB-E819E2E4F973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.13:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CBC6D453-6025-4FD3-B6D2-A5FF4668F5DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.14:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C7243CA2-A67D-4D62-ADBD-09B8CBAAD353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.15:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "15BF2206-C356-4D81-9CA5-11AE604111AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.16:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EBBEEB6E-FE56-440E-BBAA-9ECEE2678BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.17:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "11D75FC4-8AAF-4C63-96AE-883FDA3D22EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.18:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "B44B7646-9BD0-40CA-9C82-7F9BA363F045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.19:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "312A1044-7EC5-4FA9-9026-5CEF328EECAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.20:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7D6612AD-12DE-4888-878F-C29B46AC9E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "88291848-420B-47A4-8B3B-9A0DBFB8EDEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6EC991D6-E241-4B9E-8102-13579DC58BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1C528946-A2C2-40A4-9249-8641AEF37E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F012B06C-6E5E-42B2-80FC-C4AA2D9B4838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "E4A57510-F5C8-4E62-B731-F644D289C2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C63DEA64-2E8F-43B7-9C44-A645D6CF2099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7C03AB33-96FA-4586-97DE-0A11A09AACBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "BC6468DE-B43D-4943-B2B7-507B90669D78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la funci\u00f3n cms_tpv_admin_head en functions.php en el plugin CMS Tree Page View anterior a 0.8.9 para WordPress permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro cms_tpv_view hacia wp-admin/options-general.php."
}
],
"id": "CVE-2012-1834",
"lastModified": "2026-06-16T23:40:23.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-07T15:55:03.860",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48510"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/80573"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/52708"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74337"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/80573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23083"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…