China National Vulnerability DatabaseCNVD-2022-68912WordPress Bookshelf plugin cross-site scripting vulnerability
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The Bookshelf plugin is an application plugin for WordPress. Bookshelf WordPress plugin version 2.0.4 and earlier is vulnerable to a cross-site scripting vulnerability, which stems from the plugin’s failure to adequately filter its "Paypal The vulnerability is caused by the plugin’s failure to adequately filter checks before exporting its “email address” settings to the page, which could be exploited by an attacker to store cross-site scripting issues.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress wordpress bookshelf plugin | le | 2.0.4 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N