CVE-2023-1021

🗓️ 02 May 2023 07:04:51Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 53 Views🌐 WEB

The amr ical events lists WordPress plugin through 6.6 allows stored XSS by high privilege user

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress plugin amr ical events lists 跨站脚本漏洞	2 May 202300:00	–	cnnvd
Cvelist	CVE-2023-1021 Amr Ical Events Lists <= 6.6 - Admin+ Stored XSS	2 May 202307:04	–	cvelist
EUVD	EUVD-2023-23313	3 Oct 202520:07	–	euvd
NVD	CVE-2023-1021	2 May 202308:15	–	nvd
Patchstack	WordPress Amr Ical Events Lists Plugin <= 6.6 is vulnerable to Cross Site Scripting (XSS)	12 Apr 202300:00	–	patchstack
Prion	Cross site scripting	2 May 202308:15	–	prion
Positive Technologies	PT-2023-16693 · WordPress · Amr Ical Events Lists	2 May 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-1021	23 May 202502:57	–	redhatcve
Vulnrichment	CVE-2023-1021 Amr Ical Events Lists <= 6.6 - Admin+ Stored XSS	2 May 202307:04	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (Apr 3, 2023 to Apr 9, 2023)	13 Apr 202312:03	–	wordfence

NVD

Vulners

Node

amr-ical-events-list_project amr-ical-events-listRange≤6.6wordpress

[
  {
    "vendor": "Unknown",
    "product": "amr ical events lists",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "6.6"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/91d04f96-11b2-46dc-860c-dc6c26360bf3

Parameter	Position	Path	Description	CWE
General Options fields	request body	wp-admin/admin.php?page=manage_amr_ical	Stored Cross-Site Scripting via unsanitized inputs in the amr ical events lists plugin, allowing high-privilege admins to inject scripts even when unfiltered_html is disallowed.	CWE-79

30 Jan 2025 15:15Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.14.8

EPSS0.00207

SSVC

CWE-79