Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20150)

Description

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

Remediation

References

Related Vulnerabilities

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8227)

WordPress Plugin WordPress Bitcoin Payments-Blockonomics Cross-Site Scripting (3.5.7)

WordPress Plugin Unite Gallery Lite Multiple Vulnerabilities (1.4.6)

WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (2.9.9.2.8)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29214)

Severity

Medium

Classification

CVE-2018-20150 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities