Lucene search

[email protected]CVE-2023-31217

HistoryOct 18, 2023 - 1:15 p.m.

CVE-2023-31217

2023-10-1813:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-31217

authentication

contributor

stored xss

cross-site scripting

xss

vulnerability

mytechtalky

user location

ip plugin

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MyTechTalky User Location and IP plugin <= 1.6 versions.

Affected configurations

Vulners

NVD

Node

mytechtalkyuser_location_and_ipRange≤1.6

CPENameOperatorVersion
user_location_and_ip_project:user_location_and_ipuser location and ip project user location and iple1.6

CPE	Name	Operator	Version
user_location_and_ip_project:user_location_and_ip	user location and ip project user location and ip	le	1.6

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "user-location-and-ip",
    "product": "User Location and IP",
    "vendor": "MyTechTalky",
    "versions": [
      {
        "lessThanOrEqual": "1.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]