CVE-2018-18460

Sažetak

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request.

Reference

https://wordpress.org/plugins/wp-live-chat-support/#developers
https://github.com/rakjong/vuln/blob/master/wordpress_wp-live-chat-support_XSS.pdf

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

26-05-2023 - 18:55

Objavljeno

18-10-2018 - 06:29