PT-2018-16889 · WordPress · Responsive Tabs
Published
2018-01-09
·
Updated
2018-01-26
·
CVE-2018-5312
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
tabs-responsive plugin version 1.8.0
Description
The issue concerns a security problem where an attacker can exploit the
post title parameter in the wp-admin/post.php endpoint to execute malicious scripts.Recommendations
For tabs-responsive plugin version 1.8.0, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the
wp-admin/post.php endpoint to minimize the risk of exploitation. Avoid using the post title parameter in the affected endpoint until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Responsive Tabs