Cross-Site Scripting Bug in Content Cards Plugin by WordPress
CVE-2017-17096

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Content Cards
Vendor: CVE Published:; 3 December 2017

Summary

The Content Cards plugin for WordPress is susceptible to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary JavaScript code. This can be exploited by crafting malicious OpenGraph data, potentially leading to unauthorized actions on behalf of users or compromising their data. It is crucial for users of the plugin to upgrade to the latest version to mitigate these risks.

References

https://wpvulndb.com/vulnerabilities/8971

x_refsource_MISC

https://wordpress.org/plugins/content-cards/#developers

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 3, 2017
Vulnerability Reserved
Dec 3, 2017