CVE-2012-5349
Description
Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Pay With Tweet plugin before 1.2 has multiple XSS vulnerabilities via link, title, or dl parameters in pay.php.
Vulnerability
The Pay With Tweet plugin for WordPress, versions before 1.2, contains multiple cross-site scripting (XSS) vulnerabilities in the pay.php file. Remote attackers can inject arbitrary web script or HTML via the link, title, or dl parameters [1].
Exploitation
An attacker can exploit these vulnerabilities by crafting a malicious URL that carries injected script in one of the pay.php parameters (link, title, or dl) and tricking a user into opening that URL. No authentication is required, as the parameters are not properly sanitized before being output [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
Mitigation
The vulnerabilities are fixed in version 1.2 of the plugin. However, as of the CVE publication date, the plugin has been closed and is no longer available for download from the WordPress plugin repository [1]. Users should ensure they are running version 1.2 or later; if not, they should consider removing the plugin or finding an alternative.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 6
News mentions: 0
No linked articles in our index yet.