CVE-2018-1000505

Name: CVE-2018-1000505
Creator: NVD / NIST
Published: 2018-06-26T16:29:00.617+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.53%

Last modified Jun 17, 2026

CVE-2018-1000505 is a vulnerability of currently unknown severity. Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. EPSS estimates a 0.53% chance of exploitation in the next 30 days.

Description

Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.

Metrics

EPSS Probability

0.53%

40.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions
Tooltipy	Tooltipy	5.0

References

https://advisories.dxw.com/advisories/csrf-in-tooltipy/Exploit, Third Party Advisory
https://advisories.dxw.com/advisories/csrf-in-tooltipy/Exploit, Third Party Advisory

Timeline

Published: Jun 26, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-1000505?

How severe is CVE-2018-1000505?

Severity scoring for CVE-2018-1000505 is pending analysis. The EPSS model estimates a 0.53% probability of exploitation in the next 30 days.

How do I fix CVE-2018-1000505?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1000505?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST