Unrated severityNVD Advisory· Published Dec 2, 2009· Updated Apr 23, 2026
CVE-2009-4169
CVE-2009-4169
Description
Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected products
18cpe:2.3:a:roytanck:wp-cumulus:*:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:roytanck:wp-cumulus:*:*:*:*:*:*:*:*range: <=1.21
- cpe:2.3:a:roytanck:wp-cumulus:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:roytanck:wp-cumulus:1.20:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.roytanck.com/2009/09/27/wp-cumulus-1-22-fixes-a-security-hole-please-upgrade/nvdVendor Advisory
- www.vupen.com/english/advisories/2009/3322nvdVendor Advisory
- www.securityfocus.com/bid/37102nvd
News mentions
0No linked articles in our index yet.