Vulnerability Description
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. .
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Veronalabs | Wp Statistics | < 12.0.6 |
Related Weaknesses (CWE)
References
- https://www.pluginvulnerabilities.com/2017/04/28/reflected-cross-site-scripting-ExploitThird Party Advisory
- https://www.pluginvulnerabilities.com/2017/04/28/reflected-cross-site-scripting-ExploitThird Party Advisory
FAQ
What is CVE-2018-1000556?
CVE-2018-1000556 is a vulnerability with a CVSS score of 6.1 (MEDIUM). WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which cou...
How severe is CVE-2018-1000556?
CVE-2018-1000556 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000556?
Check the references section above for vendor advisories and patch information. Affected products include: Veronalabs Wp Statistics.