History: Apr 10, 2023 - 2:15 p.m.

CVE-2023-0422

2023-04-10 14:15:08
WPScan
web.nvd.nist.gov
Tags: article directory, wordpress, plugin, security, vulnerability, cve-2023-0422, xss, stored xss, administration panel

CVSS3: 4.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 21.4%

The Article Directory WordPress plugin through 1.3 does not properly sanitize the publish_terms_text setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.

Affected configurations

Nvd
Vulners
Node: article_directory_project, article_directory, Range 1.3, wordpress

Vendor | Product | Version | CPE
article_directory_project | article_directory | * | cpe:2.3:a:article_directory_project:article_directory:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Article Directory",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.3"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
