CVE-2018-1000512

Name of the Vulnerable Software and Affected Versions Tooltipy Tooltipy (tooltips for WP) versions prior to 5.1

Description The issue allows for Cross Site Scripting (XSS) in the Glossary shortcode, potentially enabling an attacker to perform actions with admin privileges. The attack is exploitable when an admin follows a link.

Recommendations For versions prior to 5.1, update to version 5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Glossary shortcode until the update is applied. Avoid following suspicious links, especially when logged in as an admin.