{"id":"CVE-2018-20150","details":"In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.","modified":"2026-04-11T12:08:17.861158Z","published":"2018-12-14T20:29:00.470Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106220"},{"type":"ADVISORY","url":"https://codex.wordpress.org/Version_4.9.9"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"},{"type":"ADVISORY","url":"https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"},{"type":"ADVISORY","url":"https://wordpress.org/support/wordpress-version/version-5-0-1/"},{"type":"ADVISORY","url":"https://wpvulndb.com/vulnerabilities/9173"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4401"},{"type":"ADVISORY","url":"https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"},{"type":"FIX","url":"https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wordpress/wordpress","events":[{"introduced":"0"},{"fixed":"8d87e4a8b8aa7d66a4f5dd3795b5450fa0b76af0"},{"introduced":"491c67be12ca8a9fe37ae38307ba7e298c976ec3"},{"fixed":"3d448538caf519c6355bb32c0c8c21da87692855"},{"fixed":"fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460"}],"database_specific":{"cpe":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"4.9.9"},{"introduced":"5.0"},{"fixed":"5.0.1"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["4.9.8"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-20150.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}