CVE-2023-24392

2023-05-1008:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-24392

nvd

unauthenticated

reflected xss

cross-site scripting

i thirteen web solution

full width banner slider

wordpress plugin

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

18.4%

JSON

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions.

Affected configurations

Vulners

NVD

Node

i_thirteen_web_solutionfull_width_banner_slider_wpRange≤1.1.7

CPENameOperatorVersion
i13websolution:full_width_banner_slider_wpi13websolution full width banner slider wple1.1.7

CPE	Name	Operator	Version
i13websolution:full_width_banner_slider_wp	i13websolution full width banner slider wp	le	1.1.7

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "full-width-responsive-slider-wp",
    "product": "Full Width Banner Slider Wp",
    "vendor": "I Thirteen Web Solution",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/full-width-responsive-slider-wp/wordpress-full-width-banner-slider-wp-plugin-1-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve