Published: 16/04/2018 Updated: 07/03/2019

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 517

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #895034 wordpress: CVE-2018-10100 CVE-2018-10101 CVE-2018-10102 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Fri, 6 Apr 2018 12:30:01 UTC Severity: grave Tags: fixed-upstream, security, upstream F ...

Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects More information can be found in the upstream advisory at wordpressorg/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/ For the o ...

CWE-601 https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216 https://core.trac.wordpress.org/changeset/42894 https://codex.wordpress.org/Version_4.9.5 https://wpvulndb.com/vulnerabilities/9053 https://www.debian.org/security/2018/dsa-4193 http://www.securitytracker.com/id/1040836 http://www.securityfocus.com/bid/104350 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034 https://nvd.nist.gov https://www.debian.org/security/./dsa-4193

CVE-2018-10101

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect