CVE-2018-20153 — Cross-site Scripting in Wordpress

Severity

5.4MEDIUMNVD

EPSS

5.4%

top 9.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 14

Latest updateMay 14

Description

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶debiandebian/wordpress< wordpress 5.0.1+dfsg1-1 (bookworm)

▶NVDwordpress/wordpress5.0 — 5.0.1+1

▶Debianwordpress/wordpress< 5.0.1+dfsg1-1+3

Also affects: Debian Linux 8.0, 9.0

GHSA

GHSA-w8h5-qp6m-vfm9: In WordPress before 4↗2022-05-14

▶

OSV

CVE-2018-20153: In WordPress before 4↗2018-12-14

▶

Debian

CVE-2018-20153: wordpress - In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new co...↗2018

▶