{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "8.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.0" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "4.9.5" } ] }, "events": [ { "introduced": "0" }, { "fixed": "a4b0b219b23fe22eb6168391385b12052cd25e3e" }, { "fixed": "31a4369366d6b8ce30045d4c838de2412c77850d" } ], "repo": "https://github.com/wordpress/wordpress", "type": "GIT" } ] } ], "details": "Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.", "id": "CVE-2018-10102", "modified": "2026-04-01T23:10:24.391806077Z", "published": "2018-04-16T09:58:09.713Z", "references": [ { "type": "ADVISORY", "url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2018/dsa-4193" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/103775" }, { "type": "ADVISORY", "url": "http://www.securitytracker.com/id/1040836" }, { "type": "ADVISORY", "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html" }, { "type": "ADVISORY", "url": "https://wpvulndb.com/vulnerabilities/9055" }, { "type": "ADVISORY", "url": "https://codex.wordpress.org/Version_4.9.5" }, { "type": "FIX", "url": "https://core.trac.wordpress.org/changeset/42893" }, { "type": "FIX", "url": "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }