Vulnerability Description
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.
CVSS Score
5.4
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pixelite | Events Manager | < 5.8.1.2 |
Related Weaknesses (CWE)
References
- http://wp-events-plugin.com/blog/2018/01/15/events-manager-5-8-1-2-security-releThird Party Advisory
- https://wordpress.org/plugins/events-manager/#developersThird Party Advisory
- https://www.gubello.me/blog/events-manager-authenticated-stored-xss/ExploitThird Party Advisory
- https://www.youtube.com/watch?v=40d7uXl36O4Third Party Advisory
- http://wp-events-plugin.com/blog/2018/01/15/events-manager-5-8-1-2-security-releThird Party Advisory
- https://wordpress.org/plugins/events-manager/#developersThird Party Advisory
- https://www.gubello.me/blog/events-manager-authenticated-stored-xss/ExploitThird Party Advisory
- https://www.youtube.com/watch?v=40d7uXl36O4Third Party Advisory
FAQ
What is CVE-2018-9020?
CVE-2018-9020 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.
How severe is CVE-2018-9020?
CVE-2018-9020 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9020?
Check the references section above for vendor advisories and patch information. Affected products include: Pixelite Events Manager.