VDB
CVE-2018-5776
CVE-2018-5776
PUBLISHED
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).
EPSS 2.83% · 86.5th percentile
Risk Scores
EPSS Score
2.83%
86.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | wordpress | *, 4.9.5+dfsg1-1, 4.9.2+dfsg-1 |
| Ubuntu:25.10 | wordpress | 6.7.2+dfsg1-1.1ubuntu1, 0 |
| Ubuntu:20.04:LTS | wordpress | *, 5.2.2+dfsg1-1, 5.3.2+dfsg1-1 |
| Ubuntu:16.04:LTS | wordpress | *, *, 4.4.1+dfsg-1 |
| Ubuntu:22.04:LTS | wordpress | 5.8.3+dfsg1-1ubuntu1.1, 5.8.1+dfsg1-2ubuntu1, 5.8.2+dfsg1-1ubuntu1 |
| Ubuntu:24.04:LTS | wordpress | 6.4.3+dfsg1-1ubuntu1, *, 0 |
Exploit Intelligence
Timeline
- Jan 18, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Mar 7, 2023 EPSS Score
- Aug 5, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
- Jul 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-5776 third-party-advisory
- https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/ third-party-advisory
- https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850 third-party-advisory
- https://codex.wordpress.org/Version_4.9.2 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-5776 third-party-advisory