Lucene search

China National Vulnerability DatabaseCNVD-2023-71325

HistorySep 21, 2023 - 12:00 a.m.

WordPress Leyka plugin cross-site scripting vulnerability

2023-09-2100:00:00

China National Vulnerability Database

www.cnvd.org.cn

wordpress

leyka plugin

cross-site scripting

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:M/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

14.0%

JSON

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Leyka plugin 3.30.3 and earlier versions, which stems from not cleaning up and escaping some of its settings, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload.

CPENameOperatorVersion
wordpress leyka pluginle3.30.3

CPE	Name	Operator	Version
	wordpress leyka plugin	le	3.30.3

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:M/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

14.0%

JSON

Related for CNVD-2023-71325