CVE-2017-18524 — The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues. | CVE Daily

Medium CVSS 6.1

Overview

The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.

CWE: CWE-79 Published: 2019-08-20T16:15:11.690

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.1 (MEDIUM)
Detected tags: wordpress, xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags