Cross-Site Scripting Vulnerability in WP Retina 2x by WordPress
CVE-2018-0511

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: WP Retina 2x
Vendor: CVE Published:; 1 February 2018

Summary

The WP Retina 2x plugin for WordPress contains a cross-site scripting vulnerability that allows attackers to inject arbitrary web scripts or HTML through unspecified vectors. This could potentially lead to unauthorized access or manipulation of user data. To mitigate this risk, users are advised to update to version 5.2.2 or later, which addresses the security flaw.

Affected Version(s)

WP Retina 2x prior to version 5.2.2

References

https://plugins.trac.wordpress.org/changeset/1802137/#file1

x_refsource_CONFIRM

https://jvn.jp/en/jp/JVN30636823/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 1, 2018
Vulnerability Reserved
Nov 27, 2017