CVE-2018-17884

CVE-2018-17884

EPSS 1.2%

XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://seclists.org/bugtraq/2018/Jul/74 https://wordpress.org/plugins/gwolle-gb/#developers http://www.defensecode.com/advisories/DC-2018-05-008_WordPress_Gwolle_Guestbook_Plugin_Advisory.pdf