Vulnerability Details CVE-2018-20838
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://ampforwp.com/critical-security-issues-has-been-fixed-in-0-9-97-20-version/
- https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/changelog.txt
- https://wordpress.org/plugins/accelerated-mobile-pages/#developers
- https://www.wordfence.com/blog/2018/11/xss-injection-campaign-exploits-wordpress-amp-plugin/
- https://ampforwp.com/critical-security-issues-has-been-fixed-in-0-9-97-20-version/
- https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/changelog.txt
- https://wordpress.org/plugins/accelerated-mobile-pages/#developers
- https://www.wordfence.com/blog/2018/11/xss-injection-campaign-exploits-wordpress-amp-plugin/
Products affected by CVE-2018-20838
-
cpe:2.3:a:magazine3:amp_for_wp:0.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.2
-
cpe:2.3:a:magazine3:amp_for_wp:0.2.5
-
cpe:2.3:a:magazine3:amp_for_wp:0.3
-
cpe:2.3:a:magazine3:amp_for_wp:0.4
-
cpe:2.3:a:magazine3:amp_for_wp:0.5
-
cpe:2.3:a:magazine3:amp_for_wp:0.6
-
cpe:2.3:a:magazine3:amp_for_wp:0.7
-
cpe:2.3:a:magazine3:amp_for_wp:0.7.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.7.5
-
cpe:2.3:a:magazine3:amp_for_wp:0.7.6
-
cpe:2.3:a:magazine3:amp_for_wp:0.7.7
-
cpe:2.3:a:magazine3:amp_for_wp:0.8
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.2
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.3
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.4
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.5
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.5.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.5.2
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.5.3
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.6
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.6.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.7
-
cpe:2.3:a:magazine3:amp_for_wp:0.8.8
-
cpe:2.3:a:magazine3:amp_for_wp:0.9
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.1.2
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.2
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.2.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.2.2
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.3
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.31
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.32
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.33
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.34
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.35
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.36
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.37
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.38
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.40
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.41
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.42
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.43.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.43.5
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.43.6
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.44
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.45
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.45.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.45.3
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.45.5
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.45.6
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.47
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.47.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.47.2
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.48
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.49
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.50
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.51
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.51.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.53
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.54
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.54.2
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.55
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.56
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.57
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.58
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.58.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.59
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.60
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.61
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.62
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.63
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.64
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.65
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.65.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.65.2
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.66.0
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.66.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.67.0
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.68
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.69
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.70
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.71
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.72
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.73
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.74
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.80
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.81
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.82
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.82.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.83
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.83.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.84
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.85
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.85.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.85.2
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.85.3
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.85.5
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.86
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.86.1
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.96
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.10
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.11
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.12
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.13
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.14
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.15
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.16
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.17
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.18
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.19
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.20
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.4
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.5
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.6
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.7
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.8
-
cpe:2.3:a:magazine3:amp_for_wp:0.9.97.9