Lucene search

PatchstackCVE-2023-25452

HistoryMay 08, 2023 - 1:15 p.m.

CVE-2023-25452

2023-05-0813:15:09

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-25452

authentication

admin

stored xss

cross-site scripting

vulnerability

cms press plugin

nvd

security

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

17.5%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions.

Affected configurations

Nvd

Vulners

Node

cms_press_projectcms_pressRange≤0.2.3wordpress

VendorProductVersionCPE
cms_press_projectcms_press*cpe:2.3:a:cms_press_project:cms_press:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
cms_press_project	cms_press	*	cpe:2.3:a:cms_press_project:cms_press::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "cms-press",
    "product": "CMS Press",
    "vendor": "Michael Pretty (prettyboymp)",
    "versions": [
      {
        "lessThanOrEqual": "0.2.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/cms-press/wordpress-cms-press-plugin-0-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve