Lucene search

[email protected]CVE-2023-0992

HistoryJun 09, 2023 - 6:15 a.m.

CVE-2023-0992

2023-06-0906:15:54

CWE-79

[email protected]

web.nvd.nist.gov

shield security

wordpress

cross-site scripting

cve-2023-0992

vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

39.4%

JSON

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the ‘User-Agent’ header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CPENameOperatorVersion
getshieldsecurity:shield_securitygetshieldsecurity shield securityle17.0.17
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq16.1.6
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq17.0.11
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq4.16
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq15.0.13
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq1.5.4
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq4.2.0
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq1.9.2
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq2.1.0
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq1.2.3

CPE	Name	Operator	Version
getshieldsecurity:shield_security	getshieldsecurity shield security	le	17.0.17
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	16.1.6
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	17.0.11
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	4.16
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	15.0.13
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	1.5.4
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	4.2.0
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	1.9.2
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	2.1.0
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	1.2.3

Rows per page:

1-10 of 2461

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2883864%40wp-simple-firewall%2Ftrunk&old=2883536%40wp-simple-firewall%2Ftrunk&sfp_email=&sfph_mail=

wordpress.org/plugins/wp-simple-firewall/#developers

www.wordfence.com/threat-intel/vulnerabilities/id/162dff28-94ea-4a47-a6cb-a13317cf1a04?source=cve

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

39.4%

JSON

Related for CVE-2023-0992

prion2 cvelist2 wpvulndb1 cve1 packetstorm1 wordfence2 zdt1