Lucene search
HistoryApr 06, 2023 - 6:15 a.m.
CVE-2023-23987
cve-2023-23987
authorization
stored xss
wpeverest user registration
security vulnerability
nvd
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
21.1%
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <=Β 2.3.0 versions.
Affected configurations
Node
wpeverestuser_registrationRangeβ€2.3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wpeverest | user_registration | * | cpe:2.3:a:wpeverest:user_registration:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "user-registration",
"product": "User Registration",
"vendor": "WPEverest",
"versions": [
{
"changes": [
{
"at": "2.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.3.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
nvd
nvd
CVE-2023-23987
2023-04-06 06:15:09
wpvulndb
wpvulndb
User Registration < 2.3.1 - Admin+ Stored XSS
2023-01-20 00:00:00
prion
prion
Cross site scripting
2023-04-06 06:15:00
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
21.1%
Related for CVE-2023-23987