Cross-Site Scripting in Tabs-Responsive Plugin for WordPress
CVE-2018-5312

5.4MEDIUM

Key Information:

Vendor
Wordpress
Status
Tabs Responsive
Vendor
CVE Published:
9 January 2018

Summary

The Tabs-Responsive Plugin version 1.8.0 for WordPress is susceptible to Cross-Site Scripting (XSS) attacks. This vulnerability allows an attacker to inject malicious scripts via the 'post_title' parameter in wp-admin/post.php, potentially compromising user data and site integrity. Users of this plugin should take immediate action to mitigate risks associated with this security flaw.

References

https://github.com/d4wner/Vulnerabilities-Report/blob/mas...
x_refsource_MISC
https://wordpress.org/support/topic/stored-xss-bugs-at-th...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.