WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)

2018-12-1300:00:00

Ryan Dewhurst

wpscan.com

0.002 Low

EPSS

Percentile

53.1%

JSON

According to WordPress: “Tim Coen discovered that contributors could edit new comments from higher-privileged users, potentially leading to a cross-site scripting vulnerability.”

CPENameOperatorVersion
wordpresseq3.8.1
wordpresslt3.8.28
wordpresseq3.8
wordpresslt3.8.28
wordpresseq3.7.1
wordpresslt3.7.28
wordpresseq3.9
wordpresslt3.9.26
wordpresseq3.9.1
wordpresslt3.9.26

Name	Operator	Version
wordpress	eq	3.8.1
wordpress	lt	3.8.28
wordpress	eq	3.8
wordpress	lt	3.8.28
wordpress	eq	3.7.1
wordpress	lt	3.7.28
wordpress	eq	3.9
wordpress	lt	3.9.26
wordpress	eq	3.9.1
wordpress	lt	3.9.26