Cross-Site Scripting in Read-and-Understood Plugin for WordPress
CVE-2018-5667
4.8MEDIUM
Summary
A Cross-Site Scripting (XSS) vulnerability exists in version 2.1 of the Read-and-Understood plugin for WordPress. This flaw allows attackers to inject malicious scripts via the 'rnu_username_validation_pattern' parameter in the wp-admin/options-general.php interface. Successful exploitation could enable unauthorized actions or data manipulation by executing scripts in the context of the user's session, posing significant risks to website integrity and user security.
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability Reserved
Vulnerability published