CVE-2018-8729
NONE EPSS 92.0%
Published Mar 15, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.
Threat Intelligence
EPSS Exploit Probability
92.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| pojo | activity_log | * | <2.4.1 |
References 5
- github.com https://github.com/pojome/activity-log/commit/950c46b2290c991187ff3471640e9688b16908fb
- github.com https://github.com/pojome/activity-log/commit/e7bcd12fcb0add82bed762a971f427a360664bd9
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/1836276
- wordpress.org https://wordpress.org/plugins/aryo-activity-log/#developers
- exploit-db.com https://www.exploit-db.com/exploits/44437/
Remediation
- github.com https://github.com/pojome/activity-log/commit/950c46b2290c991187ff3471640e9688b16908fb
- github.com https://github.com/pojome/activity-log/commit/e7bcd12fcb0add82bed762a971f427a360664bd9
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/1836276