Lucene search

[email protected]CVE-2018-11709

HistoryJun 04, 2018 - 1:29 p.m.

CVE-2018-11709

2018-06-0413:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2018-11709

unauthenticated

reflected xss

wpforo forum

nvd

wordpress

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.2%

JSON

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.

CPENameOperatorVersion
gvectors:wpforo_forumgvectors wpforo forumlt1.4.12

CPE	Name	Operator	Version
gvectors:wpforo_forum	gvectors wpforo forum	lt	1.4.12

References

blog.dewhurstsecurity.com/2018/06/01/wp-foro-wordpress-plugin-xss-vulnerability.html

wordpress.org/plugins/wpforo/#developers

wpvulndb.com/vulnerabilities/9090

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.2%

JSON

Related for CVE-2018-11709

wpexploit1 patchstack1 wpvulndb1 nuclei1 prion1