CVE-2018-10101 — MEDIUM (6.1)

Q: What is CVE-2018-10101?

CVE-2018-10101 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.

Q: How severe is CVE-2018-10101?

CVE-2018-10101 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-10101?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress, Debian Debian Linux.

Vulnerability Description

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wordpress	Wordpress	< 4.9.5
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-601

References

http://www.securityfocus.com/bid/104350Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040836Third Party AdvisoryVDB Entry
https://codex.wordpress.org/Version_4.9.5Vendor Advisory
https://core.trac.wordpress.org/changeset/42894PatchVendor Advisory
https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aePatchThird Party Advisory
https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-releVendor Advisory
https://wpvulndb.com/vulnerabilities/9053Third Party Advisory
https://www.debian.org/security/2018/dsa-4193Third Party Advisory
http://www.securityfocus.com/bid/104350Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040836Third Party AdvisoryVDB Entry
https://codex.wordpress.org/Version_4.9.5Vendor Advisory
https://core.trac.wordpress.org/changeset/42894PatchVendor Advisory
https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aePatchThird Party Advisory
https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-releVendor Advisory
https://wpvulndb.com/vulnerabilities/9053Third Party Advisory

FAQ

What is CVE-2018-10101?

CVE-2018-10101 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.

How severe is CVE-2018-10101?

CVE-2018-10101 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-10101?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress, Debian Debian Linux.