CVE-2018-8729

NONE EPSS 92.0%
Published Mar 15, 2018 (8y ago) · Modified Jun 17, 2026 (2w ago)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.

Threat Intelligence

EPSS Exploit Probability
92.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor  Product       Version  Range
pojo    activity_log  *        <2.4.1

References 5

  • github.com https://github.com/pojome/activity-log/commit/950c46b2290c991187ff3471640e9688b16908fb
    Patch, Third Party Advisory
  • github.com https://github.com/pojome/activity-log/commit/e7bcd12fcb0add82bed762a971f427a360664bd9
    Patch, Release Notes, Third Party Advisory
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/1836276
    Patch, Third Party Advisory
  • wordpress.org https://wordpress.org/plugins/aryo-activity-log/#developers
    Release Notes, Third Party Advisory
  • exploit-db.com https://www.exploit-db.com/exploits/44437/
    Exploit, Third Party Advisory, VDB Entry

Remediation

  • github.com https://github.com/pojome/activity-log/commit/950c46b2290c991187ff3471640e9688b16908fb
    Patch, Third Party Advisory
  • github.com https://github.com/pojome/activity-log/commit/e7bcd12fcb0add82bed762a971f427a360664bd9
    Patch, Release Notes, Third Party Advisory
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/1836276
    Patch, Third Party Advisory