Lucene search
WPScanCVE-2023-2605HistoryJun 27, 2023 - 2:15 p.m.
CVE-2023-2605
2023-06-2714:15:10
WPScan
web.nvd.nist.gov
21
wpbrutalai
wordpress
plugin
2.0.1
cross-site scripting
reflected xss
security vulnerability
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.004
Percentile
72.3%
The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.
Affected configurations
Node
wp_brutal_ai_projectwp_brutal_aiRange<2.0.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wp_brutal_ai_project | wp_brutal_ai | * | cpe:2.3:a:wp_brutal_ai_project:wp_brutal_ai:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "wpbrutalai",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.0.1"
}
],
"defaultStatus": "unaffected"
}
]Related
prion
prion
Cross site scripting
2023-06-27 14:15:00
cvelist
cvelist
CVE-2023-2605 WP Brutal AI < 2.0.1 - Admin+ Reflected XSS
2023-06-27 13:17:26
nvd
nvd
CVE-2023-2605
2023-06-27 14:15:10
packetstorm
packetstorm
WordPress WP Brutal AI Cross Site Scripting
2023-07-25 00:00:00
wordfence
wordfence
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.004
Percentile
72.3%
Related for CVE-2023-2605