Vulnerability Description
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Catapultthemes | Cookie Consent | < 2.3.10 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/147333/WordPress-UK-Cookie-Consent-2.3.9-CrThird Party AdvisoryVDB Entry
- https://gist.github.com/B0UG/9732614abccaf2893c352d14c822d07bThird Party Advisory
- https://wordpress.org/plugins/uk-cookie-consent/#developersProductRelease Notes
- https://www.exploit-db.com/exploits/44503/Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/147333/WordPress-UK-Cookie-Consent-2.3.9-CrThird Party AdvisoryVDB Entry
- https://gist.github.com/B0UG/9732614abccaf2893c352d14c822d07bThird Party Advisory
- https://wordpress.org/plugins/uk-cookie-consent/#developersProductRelease Notes
- https://www.exploit-db.com/exploits/44503/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2018-10310?
CVE-2018-10310 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTM...
How severe is CVE-2018-10310?
CVE-2018-10310 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10310?
Check the references section above for vendor advisories and patch information. Affected products include: Catapultthemes Cookie Consent.