VID |
210171 |
Severity |
20 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.9.9. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.
* References: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
* Platforms Affected: WordPress prior to 4.9.9 Any operating system Any version |
Recommendation |
Upgrade to the version (4.9.9 or later) fixed this vulnerability, available from the WordPress Download Web page at http://wordpress.org/download/ |
Related URL |
CVE-2018-20147,CVE-2018-20148,CVE-2018-20149,CVE-2018-20150,CVE-2018-20151,CVE-2018-20152,CVE-2018-20153 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|