CVE-2023-3510

🗓️ 11 Sep 2023 19:46:07Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 39 Views🌐 WEB

The FTP Access WordPress plugin through 1.0 is vulnerable to XSS via settings update

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress plugin FTP Access Cross-Site Scripting Vulnerability	11 Sep 202300:00	–	cnnvd
Cvelist	CVE-2023-3510 FTP Access <= 1.0 - Subscriber+ Stored XSS	11 Sep 202319:46	–	cvelist
EUVD	EUVD-2023-44169	3 Oct 202520:07	–	euvd
NVD	CVE-2023-3510	11 Sep 202320:15	–	nvd
OSV	CVE-2023-3510	11 Sep 202320:15	–	osv
Patchstack	WordPress FTP Access Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)	23 Aug 202300:00	–	patchstack
Prion	Cross site request forgery (csrf)	11 Sep 202320:15	–	prion
Positive Technologies	PT-2023-25148 · WordPress · Ftp Access	11 Sep 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-3510	23 May 202502:11	–	redhatcve
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)	31 Aug 202312:57	–	wordfence

NVD

Vulners

Node

danialhatami ftp_accessRange≤1.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "FTP Access",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.0"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/76abf4ac-5cc1-41a0-84c3-dff42c659581

Parameter	Position	Path	Description	CWE
FTPHost	request body	wp-admin/admin.php?page=ftp-access%2Fftp-access.php	Stored XSS via unsanitized FTPHost value in plugin settings, exploitable by authenticated users and via CSRF.	CWE-79

21 Nov 2024 08:17Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.4

EPSS0.00141