Lucene search

[email protected]CVE-2015-10095

HistoryMar 06, 2023 - 9:15 p.m.

CVE-2015-10095

2023-03-0621:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-10095

vulnerability

woo-popup plugin

wordpress

cross-site scripting

remote attack

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

53.4%

JSON

A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The patch is named 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327.

Affected configurations

Vulners

NVD

Node

woo-popup_projectwoo-popupMatch1.2.0

woo-popup_projectwoo-popupMatch1.2.1

woo-popup_projectwoo-popupMatch1.2.2

VendorProductVersionCPE
woo\-popup_projectwoo\-popup1.2.0cpe:2.3:a:woo\-popup_project:woo\-popup:1.2.0:*:*:*:*:*:*:*
woo\-popup_projectwoo\-popup1.2.1cpe:2.3:a:woo\-popup_project:woo\-popup:1.2.1:*:*:*:*:*:*:*
woo\-popup_projectwoo\-popup1.2.2cpe:2.3:a:woo\-popup_project:woo\-popup:1.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
woo\-popup_project	woo\-popup	1.2.0	cpe:2.3:a:woo\-popup_project:woo\-popup:1.2.0:::::::*
woo\-popup_project	woo\-popup	1.2.1	cpe:2.3:a:woo\-popup_project:woo\-popup:1.2.1:::::::*
woo\-popup_project	woo\-popup	1.2.2	cpe:2.3:a:woo\-popup_project:woo\-popup:1.2.2:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "woo-popup Plugin",
    "versions": [
      {
        "version": "1.2.0",
        "status": "affected"
      },
      {
        "version": "1.2.1",
        "status": "affected"
      },
      {
        "version": "1.2.2",
        "status": "affected"
      }
    ]
  }
]

References

github.com/wp-plugins/woo-popup/commit/7c76ac78f3e16015991b612ff4fa616af4ce9292

github.com/wp-plugins/woo-popup/releases/tag/1.3.0

vuldb.com/?ctiid.222327

vuldb.com/?id.222327

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2015-10095

cvelist1 nvd1 prion1