CVE-2018-10310
Last modified
CVE-2018-10310 is a vulnerability of currently unknown severity. A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.. EPSS estimates a 3.89% chance of exploitation in the next 30 days.
Description
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Catapultthemes | Cookie Consent | < 2.3.10 |
References
- http://packetstormsecurity.com/files/147333/WordPress-UK-Cookie-Consent-2.3.9-Cross-Site-Scripting.htmlThird Party Advisory, VDB Entry
- https://gist.github.com/B0UG/9732614abccaf2893c352d14c822d07bThird Party Advisory
- https://wordpress.org/plugins/uk-cookie-consent/#developersProduct, Release Notes
- https://www.exploit-db.com/exploits/44503/Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/147333/WordPress-UK-Cookie-Consent-2.3.9-Cross-Site-Scripting.htmlThird Party Advisory, VDB Entry
- https://gist.github.com/B0UG/9732614abccaf2893c352d14c822d07bThird Party Advisory
- https://wordpress.org/plugins/uk-cookie-consent/#developersProduct, Release Notes
- https://www.exploit-db.com/exploits/44503/Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-10310?
How severe is CVE-2018-10310?
How do I fix CVE-2018-10310?
Are you affected by CVE-2018-10310?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST