Published: 16/04/2018 Updated: 18/05/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 385

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress
debian debian linux 9.0
debian debian linux 8.0

Debian Bug report logs - #895034 wordpress: CVE-2018-10100 CVE-2018-10101 CVE-2018-10102 Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debianorg>; Reported by: Craig Small <csmall@debianorg> Date: Fri, 6 Apr 2018 12:30:01 UTC Severity: grave Tags: fixed-upstream, security, upstream F ...

Several vulnerabilities were discovered in wordpress, a web blogging tool, which could allow remote attackers to compromise a site via cross-site scripting, bypass restrictions or unsafe redirects More information can be found in the upstream advisory at wordpressorg/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/ For the o ...

CWE-79 https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d https://core.trac.wordpress.org/changeset/42893 https://codex.wordpress.org/Version_4.9.5 https://wpvulndb.com/vulnerabilities/9055 http://www.securityfocus.com/bid/103775 https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html https://www.debian.org/security/2018/dsa-4193 http://www.securitytracker.com/id/1040836 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895034 https://nvd.nist.gov https://www.debian.org/security/./dsa-4193

CVE-2018-10102

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect