CVE-2011-5192

medium
Published 2012-09-23 · Modified 2026-04-29
CVSS v3
-
CVSS v4 NEW
-
not yet in upstream
VIR risk
4.3

Description

Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191.

Predictions

Exploit likelihood
20%
Patch ETA
-

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or, if you've already worked around this in production, publish your fix to the community-verified tier.


Application impact

| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| blairwilliams | pretty_link_lite_plugin | up to and including 1.5.5 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.12 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.13 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.14 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.15 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.16 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.17 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.18 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.19 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.20 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.21 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.22 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.23 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.24 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.25 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.26 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.27 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.28 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.29 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.30 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.31 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.32 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.33 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.34 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.35 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.36 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.38 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.39 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.41 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.42 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.43 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.44 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.45 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.46 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.47 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.48 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.49 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.50 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.51 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.52 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.53 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.55 | |
| blairwilliams | pretty_link_lite_plugin | 1.4.56 | |
| blairwilliams | pretty_link_lite_plugin | 1.5.0 | |
| blairwilliams | pretty_link_lite_plugin | 1.5.1 | |
| blairwilliams | pretty_link_lite_plugin | 1.5.2 | |
| blairwilliams | pretty_link_lite_plugin | 1.5.4 | |
| wordpress | wordpress | - | |

References

CWEs

CWE-79

