CVE-2018-1000556

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Statistics
Vendor: CVE Published:; 26 June 2018

Summary

WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. .

References

https://www.pluginvulnerabilities.com/2017/04/28/reflecte...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 26, 2018
Vulnerability Reserved
Mar 5, 2018