XSS Vulnerabilities in User Role Plugin for WordPress
CVE-2017-18566

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
User Role
Vendor
CVE Published:
20 August 2019

Summary

The User Role Plugin for WordPress prior to version 1.5.6 contains multiple Cross-Site Scripting (XSS) vulnerabilities, which could allow attackers to inject malicious scripts into web pages viewed by other users. These vulnerabilities pose significant risks to the integrity of web applications using this plugin, as they can lead to unauthorized information disclosure or session hijacking. It is crucial for users of the plugin to upgrade to the latest version to mitigate these security risks.

References

https://wordpress.org/plugins/user-role/#developers
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.