Lucene search

VulDBCVE-2015-10107

HistoryMay 31, 2023 - 3:15 a.m.

CVE-2015-10107

2023-05-3103:15:09

CWE-79

VulDB

web.nvd.nist.gov

cve-2015-10107

vulnerability

simplr registration form plus+ plugin

wordpress

cross site scripting

remote attack

upgrade

patch

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

52.2%

JSON

A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability.

Affected configurations

Nvd

Vulners

Node

simplr_registration_form_plus\+_projectsimplr_registration_form_plus\+Range≤2.3.4wordpress

VendorProductVersionCPE
simplr_registration_form_plus\+_projectsimplr_registration_form_plus\+*cpe:2.3:a:simplr_registration_form_plus\+_project:simplr_registration_form_plus\+:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
simplr_registration_form_plus\+_project	simplr_registration_form_plus\+	*	cpe:2.3:a:simplr_registration_form_plus\+_project:simplr_registration_form_plus\+::::::wordpress::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Simplr Registration Form Plus+ Plugin",
    "versions": [
      {
        "version": "2.3.0",
        "status": "affected"
      },
      {
        "version": "2.3.1",
        "status": "affected"
      },
      {
        "version": "2.3.2",
        "status": "affected"
      },
      {
        "version": "2.3.3",
        "status": "affected"
      },
      {
        "version": "2.3.4",
        "status": "affected"
      }
    ]
  }
]

References

github.com/wp-plugins/simplr-registration-form/commit/d588446844dd49232ab400ef213ff5b92121c33e

vuldb.com/?ctiid.230153

vuldb.com/?id.230153

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

52.2%

JSON

Related for CVE-2015-10107