Unrated severityNVD Advisory· Published Aug 13, 2012· Updated Jun 16, 2026
CVE-2012-4271
CVE-2012-4271
Description
Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter.
Affected products
12cpe:2.3:a:mark_jaquith:bad_behavior:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:mark_jaquith:bad_behavior:*:*:*:*:*:*:*:*range: <=2.0.46
- cpe:2.3:a:mark_jaquith:bad_behavior:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mark_jaquith:bad_behavior:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mark_jaquith:bad_behavior:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mark_jaquith:bad_behavior:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mark_jaquith:bad_behavior:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*
- Range: < 2.0.47, < 2.2.5 for versions 2.2.x
- osv-coords4 versionspkg:apk/chainguard/wordpresspkg:apk/chainguard/wordpress-oci-entrypointpkg:apk/wolfi/wordpresspkg:apk/wolfi/wordpress-oci-entrypoint
< 0+ 3 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.