CVE-2018-5366

Description

The WPGlobus plugin 1.9.6 for WordPress has XSS via the `wpglobus_option[more_languages]` parameter to `wp-admin/options.php`.

Affected packages (1)

• Packagist/wpglobus/wpglobusfrom 0, < 1.9.7

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-5366
• PATCHhttps://github.com/WPGlobus/WPGlobus
• WEBhttps://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md
• WEBhttps://wpvulndb.com/vulnerabilities/9003