Description

In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.

Remediation

References

CVE-2018-20149

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4021)

PHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8935)

WebLogic Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-23305)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Cross-Site Scripting (2.2.4)

Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22881)

Severity

Medium

Classification

CVE-2018-20149 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities