CVE-2016-1000126
published 2016-10-10CVE-2016-1000126: Reflected XSS in wordpress plugin admin-font-editor v1.8
PriorityP336medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
3.22%
86.7th percentile
Reflected XSS in wordpress plugin admin-font-editor v1.8
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| admin-font-editor_project | admin-font-editor | <= 1.8 | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2016-1000126 [MEDIUM] WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
WordPress Admin Font Editor alert(document.domain)"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022065978ae06a6cf8c3c8dba1958348dd94a50f0c8c375c6cd1965058d2425da8cc022100c95d6d26a89fcb4f3f258d3e1e3f05433497bc5aa9c73d18db6566c43d79c218:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
2016-10-10
Published