CVE-2023-36688

2023-11-0916:15:34

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-36688

auth

admin

stored

cross-site scripting

xss

vulnerability

michael mann

simple site verify plugin

nvd

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <= 1.0.7 versions.

Affected configurations

Nvd

Vulners

Node

idowebsimple_site_verifyRange<1.0.8wordpress

VendorProductVersionCPE
idowebsimple_site_verify*cpe:2.3:a:idoweb:simple_site_verify:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
idoweb	simple_site_verify	*	cpe:2.3:a:idoweb:simple_site_verify::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "simple-site-verify",
    "product": "Simple Site Verify",
    "vendor": "Michael Mann",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]