CVE-2023-34170

2023-06-2215:15:13

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-34170

admin+

stored cross-site scripting

xss

wp overnight

quick/bulk order form

woocommerce plugin

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

4.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.1%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7 versions.

Affected configurations

Vulners

NVD

Node

wp_overnightquick\/bulk_order_form_for_woocommerceRange≤3.5.7

CPENameOperatorVersion
wpovernight:download_quick\/bulk_order_form_for_woocommercewpovernight download quick/bulk order form for woocommercele3.5.7

CPE	Name	Operator	Version
wpovernight:download_quick\/bulk_order_form_for_woocommerce	wpovernight download quick/bulk order form for woocommerce	le	3.5.7

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woocommerce-bulk-order-form",
    "product": "Quick/Bulk Order Form for WooCommerce",
    "vendor": "WP Overnight",
    "versions": [
      {
        "changes": [
          {
            "at": "3.6.0",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.5.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woocommerce-bulk-order-form/wordpress-quick-bulk-order-form-for-woocommerce-plugin-3-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve