XSS Vulnerability in GD Rating System Plugin by WordPress
CVE-2018-5292

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Gd Rating System
Vendor
CVE Published:
8 January 2018
đź”” Create Wordpress Vulnerability Alert

What is CVE-2018-5292?

The GD Rating System plugin version 2.3 for WordPress is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw arises in the admin panel due to improper validation of input parameters on the gd-rating-system-information page. An attacker could exploit this vulnerability to execute arbitrary scripts in the context of users viewing the affected page, potentially compromising user accounts and sensitive data.

References

https://wpvulndb.com/vulnerabilities/8995
x_refsource_MISC
https://github.com/d4wner/Vulnerabilities-Report/blob/mas...
x_refsource_MISC
https://wordpress.org/support/topic/xss-lfi-bugs-at-the-l...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2018-5292 : XSS Vulnerability in GD Rating System Plugin by WordPress