Description

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.

Remediation

References

CVE-2018-20153

Related Vulnerabilities

WordPress Plugin Buckets Cross-Site Scripting (0.1.9.2)

WordPress Plugin Bug Library Unspecified Vulnerability (2.0.7)

WordPress Plugin jQuery Reply to Comment Cross-Site Request Forgery (1.31)

WordPress 5.3.x Multiple Vulnerabilities (5.3)

WordPress Plugin Import all XML, CSV & TXT into WordPress Security Bypass (6.4.1)

Severity

Medium

Classification

CVE-2018-20153 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities