Vulnerability Details CVE-2017-18012
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.html
- https://plugins.svn.wordpress.org/z-url-preview/trunk/readme.txt
- https://wordpress.org/plugins/z-url-preview/#developers
- https://wordpress.org/support/topic/z-url-preview-1-6-1-cross-site-scripting/
- https://wpvulndb.com/vulnerabilities/8990
- https://packetstormsecurity.com/files/145218/WordPress-Z-URL-Preview-1.6.1-Cross-Site-Scripting.html
- https://plugins.svn.wordpress.org/z-url-preview/trunk/readme.txt
- https://wordpress.org/plugins/z-url-preview/#developers
- https://wordpress.org/support/topic/z-url-preview-1-6-1-cross-site-scripting/
- https://wpvulndb.com/vulnerabilities/8990
Products affected by CVE-2017-18012
-
cpe:2.3:a:z-url_preview_project:z-url_preview:1.6.1