CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-20008

The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://plugins.trac.wordpress.org/changeset/1639363/mycred
https://wpscan.com/vulnerability/3175c56d-27bb-4bf1-b6ba-737541483d40
https://plugins.trac.wordpress.org/changeset/1639363/mycred
https://wpscan.com/vulnerability/3175c56d-27bb-4bf1-b6ba-737541483d40

Products affected by CVE-2017-20008

Mycred » Mycred » Version: N/A

cpe:2.3:a:mycred:mycred:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-20008

Products

Pricing

Contact Us