CVE-2018-1000556

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000556

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000556.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000556

Related

UBUNTU-CVE-2018-1000556

Published

2018-06-26T16:29:02Z

Modified

2024-09-02T23:31:18Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. .

References

https://www.pluginvulnerabilities.com/2017/04/28/reflected-cross-site-scripting-xss-vulnerability-in-wp-statistics/

Affected packages

Git / github.com/wp-statistics/wp-statistics

Affected ranges

Type: GIT
Repo: https://github.com/wp-statistics/wp-statistics
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2badcf5b0183242724bc532f16dbbc1f397f00f7