CVE-2023-25716

2023-04-0712:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-25716

auth

admin+

stored

cross-site scripting

xss

vulnerability

gqevu6bsiz

announce

dashboard plugin

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.7%

JSON

Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.

Affected configurations

Vulners

NVD

Node

gqevu6bsizannounce_from_the_dashboardRange≤1.5.1

CPENameOperatorVersion
announce_from_the_dashboard_project:announce_from_the_dashboardannounce from the dashboard project announce from the dashboardle1.5.1

CPE	Name	Operator	Version
announce_from_the_dashboard_project:announce_from_the_dashboard	announce from the dashboard project announce from the dashboard	le	1.5.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "announce-from-the-dashboard",
    "product": "Announce from the Dashboard",
    "vendor": "gqevu6bsiz",
    "versions": [
      {
        "changes": [
          {
            "at": "1.5.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/announce-from-the-dashboard/wordpress-announce-from-the-dashboard-plugin-1-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve