Main Vulnerability Database Vulnerabilities #VU12401

Security restrictions bypass in WordPress - CVE-2018-10101

Published: May 8, 2018

Vulnerability identifier: #VU12401

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10101

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: WordPress.ORG

Affected software:
WordPress

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. A remote attacker can bypass security restrictions.

How to mitigate CVE-2018-10101

Update to version 4.9.5.

Sources

https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/

Security restrictions bypass in WordPress - CVE-2018-10101

Detailed vulnerability description

How to mitigate CVE-2018-10101

Sources

Please verify you're human