CVE-2018-14846

NONE EPSS 61.5%
Published Dec 20, 20187y ago ยท Modified Jun 17, 20262w ago
Find Similar
Published Dec 20, 2018 7y ago
Last Modified Jun 17, 2026 2w ago

Description

The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php.

Threat Intelligence

EPSS Exploit Probability
61.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
mondulamulti_step_form* <1.2.8

References 3

  • ansawaf.blogspot.com https://ansawaf.blogspot.com/2018/10/cve-2018-14846-multiple-stored-xss-in.html
    ExploitThird Party Advisory
  • cwatch.comodo.com https://cwatch.comodo.com/blog/website-security/vulnerability-found-in-multiple-stored-xss-form-in-wordpress-version-1-2-5/
    ExploitPatchThird Party Advisory
  • wpvulndb.com https://wpvulndb.com/vulnerabilities/9186
    ExploitPatchThird Party Advisory

Remediation

  • cwatch.comodo.com https://cwatch.comodo.com/blog/website-security/vulnerability-found-in-multiple-stored-xss-form-in-wordpress-version-1-2-5/
    ExploitPatchThird Party Advisory
  • wpvulndb.com https://wpvulndb.com/vulnerabilities/9186
    ExploitPatchThird Party Advisory