Lucene search

CVE-2023-0366

🗓️ 21 Feb 2023 09:12:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 41 Views🌐 WEB

The Loan Comparison WordPress plugin before 1.5.3 allows stored XSS attack

Reporter	Title	Published	Views	Family All 7
NVD	CVE-2023-0366	21 Feb 202309:15	–	nvd
WPVulnDB	Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode	25 Jan 202300:00	–	wpvulndb
Vulnrichment	CVE-2023-0366 Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode	21 Feb 202308:50	–	vulnrichment
Cvelist	CVE-2023-0366 Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode	21 Feb 202308:50	–	cvelist
Prion	Cross site scripting	21 Feb 202309:15	–	prion
Patchstack	WordPress Loan Comparison Plugin < 1.5.3 is vulnerable to Cross Site Scripting (XSS)	25 Jan 202300:00	–	patchstack
wpexploit	Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode	25 Jan 202300:00	–	wpexploit

Nvd

Vulners

Node

quick-plugins loan_comparisonRange<1.5.3wordpress

[
  {
    "vendor": "Unknown",
    "product": "Loan Comparison",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.5.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/7d68b0df-7169-46b2-b8e3-4d0c2aa8d605

Parameter	Position	Path	Description	CWE
slider	query param	/loancomparison	Stored Cross-Site Scripting vulnerability due to insufficient validation and escaping of shortcode attributes.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Feb 2023 09:15Current

5.3Medium risk

Vulners AI Score5.3

CVSS35.4

EPSS0.00054

SSVC