CVE-2012-5350
Title: Wordpress Pay-With-Tweet Injection (SQLi/OSi)
SQLi
Proof Of Concept
PoC Available for CVE-2012-5350
CWE Category
CWE-89
Published Date
Oct 09, 2012
Modified Date
Apr 29, 2026
Exploit Status
Available
Score
6.0
CVSS v2.0
Exploit Probability (EPSS)
1.47%
Vulnerability Summary
CVE-2012-5350: SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.
Impacted Vendors
Reference Links
http://secunia.com/advisories/47475
http://wordpress.org/extend/plugins/pay-with-tweet/changelog/
http://www.exploit-db.com/exploits/18330
http://www.osvdb.org/78204
http://www.securityfocus.com/bid/51308
https://exchange.xforce.ibmcloud.com/vulnerabilities/72165
http://secunia.com/advisories/47475
http://wordpress.org/extend/plugins/pay-with-tweet/changelog/
http://www.exploit-db.com/exploits/18330
http://www.osvdb.org/78204
http://www.securityfocus.com/bid/51308
https://exchange.xforce.ibmcloud.com/vulnerabilities/72165
CVSS v2.0
Source Entity
[email protected]
Severity
MEDIUM
6.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:M/Au:S/C:P/I:P/A:P
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2012-5350 Exploits & PoCs (Proof Of Concept)
Exploit-DB
https://www.exploit-db.com/exploits/18330
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:M/Au:S/C:P/I:P/A:P
Affected Stack
No specific products linked.