Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2023-71325
HistorySep 21, 2023 - 12:00 a.m.

WordPress Leyka plugin cross-site scripting vulnerability

2023-09-2100:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
wordpress
leyka plugin
cross-site scripting

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:M/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

14.0%

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Leyka plugin 3.30.3 and earlier versions, which stems from not cleaning up and escaping some of its settings, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload.

CPENameOperatorVersion
wordpress leyka pluginle3.30.3

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:M/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

14.0%