WordPress Plugin Vulnerabilities

WP Editor.md <= 10.0.3 - Cross-Site Scripting (XSS)

Description

The WP Editor.md – The Perfect WordPress Markdown Editor WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-editormd
Fixed in 10.0.4

References

CVE
CVE-2018-18919
URL
https://github.com/JaxsonWang/WP-Editor.md/commit/21f340a1c73ca2ddc04bd7d875bb4f9a08dac16d
URL
https://github.com/JaxsonWang/WP-Editor.md/issues/275

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
H4ckForJob
Verified
No
WPVDB ID
bcde587c-a7cb-46e9-af5b-45636af2a558

Timeline

Publicly Published
2018-10-31 (about 7 years ago)
Added
2019-08-24 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-02-28
Title
Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site < 2.0.7 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting
Published
2024-01-05
Title
Orbit Fox Companion < 2.10.27 - Contributor+ Stored XSS
Published
2014-08-01
Title
placester <= 0.3.12 - XSS in ZeroClipboard
Published
2025-09-26
Title
WP Statistics < 14.15.5 - Unauthenticated Stored XSS via User-Agent Header
Published
2014-08-01
Title
Analytics360 1.2 - analytics360.php a360_error Parameter Reflected XSS