Lucene search

PatchstackCVE-2023-26541

HistoryJun 16, 2023 - 9:15 a.m.

CVE-2023-26541

2023-06-1609:15:09

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-26541

authentication

stored xss

alexander suess

asmember plugin

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

18.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions.

Affected configurations

Nvd

Vulners

Node

asmember_projectasmemberRange≤1.5.4wordpress

VendorProductVersionCPE
asmember_projectasmember*cpe:2.3:a:asmember_project:asmember:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
asmember_project	asmember	*	cpe:2.3:a:asmember_project:asmember::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "asmember",
    "product": "asMember",
    "vendor": "Alexander Suess",
    "versions": [
      {
        "lessThanOrEqual": "1.5.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/asmember/wordpress-asmember-plugin-1-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve