Lucene search

[email protected]CVE-2023-47223

HistoryNov 08, 2023 - 7:15 p.m.

CVE-2023-47223

2023-11-0819:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-47223

auth

admin

stored

cross-site scripting

xss

vulnerability

wp map plugins

basic interactive world map

nvd

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions.

Affected configurations

Vulners

NVD

Node

wp_map_pluginsbasic_interactive_world_mapRange≤2.0

CPENameOperatorVersion
wpmapplugins:basic_interactive_world_mapwpmapplugins basic interactive world maple2.0

CPE	Name	Operator	Version
wpmapplugins:basic_interactive_world_map	wpmapplugins basic interactive world map	le	2.0

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "basic-interactive-world-map",
    "product": "Basic Interactive World Map",
    "vendor": "WP Map Plugins",
    "versions": [
      {
        "changes": [
          {
            "at": "2.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/basic-interactive-world-map/wordpress-basic-interactive-world-map-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve