Cross-Site Scripting in Webhammer WP Custom Fields Search Plugin for WordPress
CVE-2017-9419

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: WP-custom-fields-search
Vendor: CVE Published:; 15 June 2017

What is CVE-2017-9419?

The Webhammer WP Custom Fields Search plugin version 0.3.28 for WordPress contains a vulnerability that allows remote attackers to execute arbitrary JavaScript code via the 'cs-all-0' parameter. This cross-site scripting (XSS) flaw can be exploited to compromise the security of websites using this plugin, potentially leading to unauthorized access and manipulation of user data.

References

https://wpvulndb.com/vulnerabilities/8848

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2017
Vulnerability Reserved
Jun 3, 2017

Wordpress

What is CVE-2017-9419?

References

CVSS V3.1

Timeline