WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20150)

Description

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

Remediation

References

Related Vulnerabilities

ownCloud Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-10252)

WordPress Plugin Slideshow Pro Arbitrary File Upload (2.4)

WordPress Plugin YITH WooCommerce Bulk Product Editing Security Bypass (1.2.13)

WordPress Plugin Custom 404 Pro Unspecified Vulnerability (3.7.0)

WordPress Plugin Integration of Moneybird for WooCommerce Cross-Site Scripting (2.1.1)

Severity

Medium

Classification

CVE-2018-20150 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities