CVE-2018-20150 — Cross-site Scripting in Wordpress

Severity

6.1MEDIUMNVD

EPSS

7.4%

top 8.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 14

Latest updateMay 14

Description

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶debiandebian/wordpress< wordpress 5.0.1+dfsg1-1 (bookworm)

▶NVDwordpress/wordpress5.0 — 5.0.1+1

▶Debianwordpress/wordpress< 5.0.1+dfsg1-1+3

Also affects: Debian Linux 8.0, 9.0

GHSA

GHSA-f844-ppv9-vxhv: In WordPress before 4↗2022-05-14

▶

OSV

CVE-2018-20150: In WordPress before 4↗2018-12-14

▶

Debian

CVE-2018-20150: wordpress - In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS f...↗2018

▶