CVE-2020-8799

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Wti Like Post
Vendor: CVE Published:; 5 May 2020

Summary

A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website.

References

https://wordpress.org/plugins/wti-like-post/#developers

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/10210

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 5, 2020
Vulnerability Reserved
Feb 7, 2020