Lucene search

[email protected]CVE-2023-23870

HistoryApr 04, 2023 - 1:15 p.m.

CVE-2023-23870

2023-04-0413:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023

23870

authentication

admin+

stored xss

cross-site scripting

xss

vulnerability

wpdevart responsive vertical icon menu plugin

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

21.1%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions.

Affected configurations

Vulners

NVD

Node

wpdevartresponsive_vertical_icon_menuRange≤1.5.8

VendorProductVersionCPE
wpdevartresponsive_vertical_icon_menu*cpe:2.3:a:wpdevart:responsive_vertical_icon_menu:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wpdevart	responsive_vertical_icon_menu	*	cpe:2.3:a:wpdevart:responsive_vertical_icon_menu::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wpdevart-vertical-menu",
    "product": "Responsive Vertical Icon Menu",
    "vendor": "wpdevart",
    "versions": [
      {
        "changes": [
          {
            "at": "1.5.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.5.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wpdevart-vertical-menu/wordpress-responsive-vertical-icon-menu-plugin-1-5-8-cross-site-scripting-xss?_s_id=cve