CVE-2018-16285

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Userpro
Vendor: CVE Published:; 6 September 2018

Summary

The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.

References

https://wpvulndb.com/vulnerabilities/9124

x_refsource_MISC

https://risataim.blogspot.com/2018/09/xss-en-plugin-userp...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 6, 2018
Vulnerability Reserved
Aug 31, 2018