CVE-2018-10102

🗓️ 16 Apr 2018 09:09:58Reported by [email protected]Type

Before WordPress 4.9.5, unescaped version string in get_the_generator function led to XSS in generator ta

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 21
UbuntuCve	CVE-2018-10102	16 Apr 201800:00	–	ubuntucve
CVE	CVE-2018-10102	16 Apr 201809:58	–	cve
Cvelist	CVE-2018-10102	14 Apr 201813:00	–	cvelist
Prion	Design/Logic Flaw	16 Apr 201809:58	–	prion
WPVulnDB	WordPress 3.7-4.9.4 - Escape Version in Generator Tag	4 Apr 201800:00	–	wpvulndb
OSV	CVE-2018-10102	16 Apr 201809:58	–	osv
OSV	UBUNTU-CVE-2018-10102	16 Apr 201809:58	–	osv
OSV	DLA-1366-1 wordpress - security update	27 Apr 201800:00	–	osv
OSV	DSA-4193-1 wordpress - security update	5 May 201800:00	–	osv
Debian CVE	CVE-2018-10102	16 Apr 201809:58	–	debiancve

Nvd

Node

wordpress wordpressRange<4.9.5

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Source	Link
securityfocus	www.securityfocus.com/bid/103775
lists	www.lists.debian.org/debian-lts-announce/2018/04/msg00031.html
github	www.github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
securitytracker	www.securitytracker.com/id/1040836
debian	www.debian.org/security/2018/dsa-4193
wordpress	www.wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
codex	www.codex.wordpress.org/Version_4.9.5
wpvulndb	www.wpvulndb.com/vulnerabilities/9055
core	www.core.trac.wordpress.org/changeset/42893

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Apr 2018 09:58Current

6.1Medium risk

Vulners AI Score6.1

CVSS24.3

CVSS36.1

EPSS0.0615

CWE-79