CVE-2018-10752

MEDIUM

Tagregator 0.6 - Stored Cross-Site Scripting via Title Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10752. PoCs published by ManhNho.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in WordPress Plugin Tagregator 0.6. The PoC outlines steps to inject malicious JavaScript into the title field, which executes when previewed or accessed by other administrators.

Description

The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.

Exploits (1)

exploitdb WRITEUP
by ManhNho · textwebappsphp
https://www.exploit-db.com/exploits/45225

This is a writeup describing a stored XSS vulnerability in WordPress Plugin Tagregator 0.6. The PoC outlines steps to inject malicious JavaScript into the title field, which executes when previewed or accessed by other administrators.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin Tagregator 0.6
Auth required
Prerequisites: Admin access to WordPress · Tagregator plugin installed and activated
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45225/
Exploit, Third Party Advisory x_refsource_misc
https://pastebin.com/ZGr5tyP2

Scores

CVSS v3 4.8
EPSS 0.0191
EPSS Percentile 77.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
tagregator_project/tagregator 0.6
Published May 05, 2018
Tracked Since Feb 18, 2026