CVE IDs: CVE-2018-6194, CVE-2018-6195
Product: WordPress Splashing Images Plugin
Vendor: Studio Espresso
Tested Version: 2.1

CVE-2018-6194 Details:
- Vulnerability: Cross-site scripting (XSS)
- Affected File: wp-splashing-images/admin/partials/wp-splashing-admin-sidebar.php
- Issue: The search HTTP GET parameter is directly echoed into an HTML form field without proper sanitization, allowing injection of arbitrary web script or HTML.

CVE-2018-6195 Details:
- Vulnerability: PHP Object Injection
- Affected File: wp-splashing-images/admin/partials/wp-splashing-admin-main.php
- Issue: The session HTTP GET parameter is base64-decoded and unserialized, allowing injection of a serialized PHP object by authenticated remote attackers.

Solution: Update to version 2.1.1

Timeline:
- Vendor contacted: 10/01/2018
- Report sent to vendor: 12/01/2018
- Update requested: 22/01/2018
- Fix released: 22/01/2018
- Report published: 26/01/2018

Credits: Vulnerabilities discovered by Nicolas Buzy-Debat of Orange Cyberdefense Singapore (CERT-LEXSI)
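
Log triage for sites that ran version 2.1: the following is an added example, not part of the original advisory or the plugin's code. It flags requests whose session parameter base64-decodes to a serialized PHP object, or whose search parameter carries HTML metacharacters. Only the two parameter names come from the advisory; the log lines, the admin page slug (PLACEHOLDER) and the sample values are constructed.

```python
import base64
import re
from urllib.parse import parse_qs, quote, urlsplit

# PHP serialize() writes objects as O:<len>:"<Class>":... (C: for Serializable);
# older PHP versions also accept a '+' before the length.
PHP_OBJECT = re.compile(rb'(?:^|[;{])[OC]:\+?\d+:"')
# Characters that let a value break out of an HTML attribute or open a tag.
HTML_BREAKOUT = re.compile(r'[<>"\']')
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def _b64decode(value):
    """Decode leniently, the way PHP's non-strict base64_decode() does."""
    value = re.sub(r"[^A-Za-z0-9+/]", "", value.replace(" ", "+"))
    try:
        return base64.b64decode(value + "=" * (-len(value) % 4))
    except ValueError:  # binascii.Error is a ValueError subclass
        return b""

def classify(request_target):
    """Return sorted findings for one request path plus query string."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    findings = set()
    for value in query.get("session", []):
        if PHP_OBJECT.search(_b64decode(value)):
            findings.add("CVE-2018-6195: serialized PHP object in 'session'")
    for value in query.get("search", []):
        if HTML_BREAKOUT.search(value):
            findings.add("CVE-2018-6194: HTML metacharacters in 'search'")
    return sorted(findings)

def scan(log_lines):
    """Yield (line_number, findings) for combined-format access log lines."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match and (findings := classify(match.group(1))):
            yield number, findings

# Constructed sample log; the page slug and parameter values are placeholders.
_LINE = '192.0.2.10 - - [26/Jan/2018:10:00:0{} +0000] "GET /wp-admin/admin.php?page=PLACEHOLDER&{} HTTP/1.1" 200 512'
_b64 = lambda raw: quote(base64.b64encode(raw).decode())
SAMPLE_LOG = [
    _LINE.format(1, "session=" + _b64(b'a:1:{s:1:"k";s:1:"v";}')),  # plain array
    _LINE.format(2, "session=" + _b64(b'O:8:"stdClass":0:{}')),      # object
    _LINE.format(3, "search=" + quote('"><b>x</b>')),                # markup
]

if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

The search check is a coarse heuristic: a legitimate query containing an apostrophe will also be flagged, so treat hits as leads to review rather than confirmed exploitation.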