FKIE_CVE-2013-6280
Vulnerability from fkie_nvd - Published: 2013-10-25 14:55 - Updated: 2026-06-17 00:00
Severity
Summary
Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:*:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "DF3C58DB-DBAD-4556-B144-A4ECAF1C3C6B",
"versionEndIncluding": "2.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:1.0.0:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "826E24C9-A49F-4845-96E6-F8F0BD516291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:1.0.1:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "CC824C29-370D-428D-90DE-B990A75499D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:1.2.0:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "D1C78AC5-DA34-42F6-8B98-AE3DFE0531A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:1.2.5:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "0CBC9391-F3BE-4809-AA23-D87B59B9679E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:1.3.0:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "F72BFE73-67A6-4D7B-8E17-9BB1434C3E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:1.3.1:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "8C808DA9-2D6D-4EC6-B042-B3B711C0D281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:1.3.2:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "EDA90326-8924-4189-B4B1-E2919FD4DB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.0.0:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "31570E9B-5646-4146-8D50-44E553EDC25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.0.1:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "D79E5306-0919-44D5-B7D0-1656DCAEA6C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.0.2:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "304102D3-E967-4BA4-96A7-CD984D17E6D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.0.3:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "9076A536-0848-40A4-8767-40B64B728D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.0.4:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "76D6D588-2931-41D4-89DC-7AA30B1EF6AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.0.5:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "E572C6E5-6984-4598-BB85-C96DD5F49D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.0.6:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "A5B613C5-1C2F-4A74-9132-D990EFBCF909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.0.7:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "5D00A15A-A3F5-4E1C-9E48-FC91B1AFF641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.0.8:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "0C62097F-AA79-42E3-801A-3D180E9C79A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.0.9:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "AECA0409-12B4-4BCB-A277-780D8F6C3BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linksalpha:social_sharing_toolkit_plugin:2.1.0:-:*:*:*:wordpress:*:*",
"matchCriteriaId": "05BDFE18-2509-458F-88D7-A149D1067429",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en el Toolkit Social Sharing antes de 2.1.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6280",
"lastModified": "2026-06-17T00:00:14.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-10-25T14:55:02.667",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://wordpress.org/plugins/social-sharing-toolkit/changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://wordpress.org/plugins/social-sharing-toolkit/changelog"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…