Cross-Site Scripting in Kiboko Hostel Plugin for WordPress
CVE-2019-12345

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Hostel
Vendor
CVE Published:
27 May 2019

Summary

An XSS vulnerability exists in the Kiboko Hostel plugin prior to version 1.1.4 for WordPress. This issue allows attackers to inject malicious scripts into web pages viewed by users. If exploited, it could lead to user information compromise and unauthorized actions within the application. Website administrators are advised to update the plugin to mitigate potential risks.

References

https://wordpress.org/plugins/hostel/#developers
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9289
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.