Cross-Site Scripting Vulnerability in Site Reviews by WordPress
CVE-2018-0603

6.1MEDIUM

Key Information:

Vendor

WordPress
Status
Site Reviews
Vendor
CVE Published:
26 June 2018

What is CVE-2018-0603?

The Site Reviews plugin for WordPress has a cross-site scripting vulnerability that enables remote attackers to inject arbitrary web scripts or HTML. This exploitation can occur through unspecified vectors, posing risks to user data and site integrity. It is crucial for users of affected versions to update to version 2.15.3 or later to mitigate these security risks.

Affected Version(s)

Site Reviews prior to version 2.15.3

References

https://wpvulndb.com/vulnerabilities/9102
x_refsource_MISC
http://jvn.jp/en/jp/JVN60978548/index.html
third-party-advisoryx_refsource_JVN
https://wordpress.org/plugins/site-reviews/#developers
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-0603 : Cross-Site Scripting Vulnerability in Site Reviews by WordPress