Skip to main content
CVE-2018-11709 MEDIUM POC This Month

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Wpforo Forum
NVD
CVSS 3.0
6.1
EPSS
3.6%
CVE-2018-11715 MEDIUM POC This Month

The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Recent Threads
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2018-11713 MEDIUM PATCH This Month

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apple Webkitgtk Libsoup
NVD
CVSS 3.0
6.5
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy