CVE-2017-18554

Good to know:

Date: August 21, 2019

The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event.

Language: PHP

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE