Unrated severityNVD Advisory· Published Apr 7, 2014· Updated May 6, 2026

CVE-2012-1834

Description

Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php.

Affected products

Cms Tree Page View Project/Cms Tree Page View56 versions
cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.1a:*:*:*:*:wordpress:*:*+ 55 more
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.1a:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.6:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.7:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.8:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.9:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.6:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.7:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.10:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.11:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.12:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.13:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.14:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.15:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.16:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.17:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.18:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.19:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.20:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.6:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.7:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.8:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.9:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.6:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.7:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:*:*:*:*:*:wordpress:*:*range: <=0.8.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/523576/cms-tree-page-viewnvdPatch
wordpress.org/extend/plugins/cms-tree-page-view/changelog/nvdPatch
www.htbridge.com/advisory/HTB23083nvdExploit
secunia.com/advisories/48510nvdVendor Advisory
www.osvdb.org/80573nvd
www.securityfocus.com/bid/52708nvd
exchange.xforce.ibmcloud.com/vulnerabilities/74337nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000