// For flags

CVE-2018-1000556

 

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. .

WordPress en versiones 4.8 y posteriores contiene una vulnerabilidad Cross-Site Scripting (XSS) en plugins.php o core wordpress en la función delete, lo que puede resultar en que un atacante pueda realizar ataques del lado del cliente, pudiendo ser desde el robo de una cookie hasta la inyección de código. Este ataque parece ser explotable mediante un atacante que tiene que crear una URL con una carga útil y enviarla al usuario. La víctima necesita abrir el enlace para que se vea afectado por el Cross-Site Scripting (XSS) reflejado. .

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-03-05 CVE Reserved
  • 2018-06-26 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Veronalabs
Search vendor "Veronalabs"
 Wp Statistics
Search vendor "Veronalabs" for product "Wp Statistics"
 < 12.0.6
Search vendor "Veronalabs" for product "Wp Statistics" and version " < 12.0.6"
wordpress
Affected