CVE-2018-11709

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
WPforo Forum
Vendor
CVE Published:
4 June 2018

Summary

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.

References

https://wpvulndb.com/vulnerabilities/9090
x_refsource_MISC
https://blog.dewhurstsecurity.com/2018/06/01/wp-foro-word...
x_refsource_MISC
https://wordpress.org/plugins/wpforo/#developers
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.