CVE-2018-5776 — Cross-site Scripting in Wordpress

Severity

6.1MEDIUMNVD

EPSS

3.1%

top 13.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 18

Latest updateMay 14

Description

WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶debiandebian/wordpress< wordpress 4.9.2+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.9.2+dfsg-1+3

GHSA

GHSA-gmjx-3rgm-r63g: WordPress before 4↗2022-05-14

▶

OSV

CVE-2018-5776: WordPress before 4↗2018-01-18

▶

Debian

CVE-2018-5776: wordpress - WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (unde...↗2018

▶