CVE-2018-14071 - OpenCVE

The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cyberhobo	Geo Mashup

Configuration 1 [-]

cpe:2.3:a:cyberhobo:geo_mashup:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt
https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f
https://github.com/cyberhobo/wordpress-geo-mashup/issues/817

History

Wed, 25 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cyberhobo Cyberhobo geo Mashup
CPEs	cpe:2.3:a:geo_mashup_project:geo_mashup::::::wordpress::*	cpe:2.3:a:cyberhobo:geo_mashup::::::wordpress::*
Vendors & Products	Geo Mashup Project Geo Mashup Project geo Mashup	Cyberhobo Cyberhobo geo Mashup

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-16T13:00:00

Updated: 2024-08-05T09:21:40.930Z

Reserved: 2018-07-15T00:00:00

Link: CVE-2018-14071

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-07-16T13:29:00.397

Modified: 2024-09-25T13:10:58.457

Link: CVE-2018-14071

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-16T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14071", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817", "refsource": "MISC", "url": "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817"}, {"name": "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f", "refsource": "MISC", "url": "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f"}, {"name": "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt", "refsource": "MISC", "url": "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:21:40.930Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14071", "datePublished": "2018-07-16T13:00:00", "dateReserved": "2018-07-15T00:00:00", "dateUpdated": "2024-08-05T09:21:40.930Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cyberhobo:geo_mashup:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CEE4754C-5FAB-4490-BA1C-120C2C87F2B1", "versionEndExcluding": "1.10.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input."}, {"lang": "es", "value": "El plugin Geo Mashup en versiones anteriores a la 1.10.4 para WordPress tiene un saneamiento insuficiente de post editor y otras entradas del usuario."}], "id": "CVE-2018-14071", "lastModified": "2024-09-25T13:10:58.457", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-16T13:29:00.397", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}