VYPR
Unrated severity · NVD Advisory · Published Feb 14, 2012 · Updated Apr 29, 2026

CVE-2012-1068


Description

Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting (XSS) vulnerability in WP-RecentComments plugin before 2.0.7 allows remote attackers to inject arbitrary web script via the page parameter in AJAX paging.

Vulnerability

The WP-RecentComments plugin for WordPress, versions before 2.0.7, contains a reflected cross-site scripting (XSS) vulnerability in the rc_ajax function within core.php. The page parameter, used for AJAX paging, is not properly sanitized or escaped before being output, allowing injection of arbitrary HTML and JavaScript. The fix was introduced in changeset [416723][1], which added proper escaping to the parameter.
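The paragraph above describes the defect (the `page` parameter reaching the HTML output unescaped) but the plugin's own `rc_ajax` body is not reproduced on this page. The following is an added example, not the plugin's code or the referenced changeset: a minimal reconstruction of that pattern next to a hardened form. The function names, the markup, and the probe string are assumptions for illustration; in a real WordPress plugin the escaping helpers would be `absint()` and `esc_attr()` / `esc_html()` rather than the plain-PHP equivalents used here so the script runs stand-alone.

```php
<?php
// Added example (not the plugin's code): reconstruction of the reflected-XSS
// pattern described in the advisory and one way to harden it.
// The real rc_ajax() in core.php is not on this page; names and markup here
// are assumptions for illustration.

// Vulnerable pattern: the "page" parameter is echoed into HTML untouched.
function rc_ajax_vulnerable(array $request): string {
    $page = $request['page'] ?? '1';
    // Attacker-controlled text lands inside the markup verbatim.
    return '<div class="rc-pager" data-page="' . $page . '">Page ' . $page . '</div>';
}

// Hardened pattern: a paging index is an integer, so coerce it first and
// still escape on output (defence in depth). In WordPress, use absint()
// for the cast and esc_attr()/esc_html() for the output.
function rc_ajax_fixed(array $request): string {
    $page = max(1, (int) ($request['page'] ?? 1));
    $safe = htmlspecialchars((string) $page, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="rc-pager" data-page="' . $safe . '">Page ' . $safe . '</div>';
}

// Constructed probe: a harmless marker tag rather than a working payload.
$probe = ['page' => '"><i>marker</i>'];

echo rc_ajax_vulnerable($probe), PHP_EOL;
// The <i> element survives intact and would be rendered by the browser.

echo rc_ajax_fixed($probe), PHP_EOL;
// <div class="rc-pager" data-page="1">Page 1</div>
```

The integer cast alone closes this particular hole, but keeping the output escape in place means a later change to the parameter's type does not silently reopen it, which is the property a reviewer should check for in any AJAX handler that reflects request data.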

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by crafting a malicious URL that includes a JavaScript payload in the page parameter. When a victim visits the crafted URL or a page that triggers the AJAX paging functionality, the malicious script executes in the context of the victim's browser session. No special privileges or user interaction beyond visiting the crafted link is required.

Impact

Successful exploitation allows the attacker to execute arbitrary web script or HTML in the victim's browser. This can lead to session hijacking, defacement of the WordPress site, theft of sensitive information (e.g., cookies, authentication tokens), or redirection to malicious sites. The attack operates within the security context of the vulnerable WordPress installation.

Mitigation

The vulnerability was fixed in version 2.0.7 of the plugin. However, as of March 28, 2023, the plugin has been closed and removed from the WordPress.org plugin directory due to a security issue [2][3]. No patched version is available for download through official channels. Users who have the plugin installed should uninstall it immediately and consider alternative solutions. No workaround is documented.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

Patches (1)

Plugin removed: WP-RecentComments (wp-recentcomments)

This plugin has been removed from the WordPress.org directory on 2023-03-28 (reason: Security Issue). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.

Source: api.wordpress.org · directory page


References (6)
