Lucene search

PatchstackCVE-2023-50370

HistoryDec 14, 2023 - 2:15 p.m.

CVE-2023-50370

2023-12-1414:15:45

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-50370

cross-site scripting

xss

livemesh

wpbakery page builder addons

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

5.8

Confidence

High

EPSS

Percentile

14.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Livemesh WPBakery Page Builder Addons by Livemesh allows Stored XSS.This issue affects WPBakery Page Builder Addons by Livemesh: from n/a through 3.5.

Affected configurations

Nvd

Vulners

Node

livemeshthemeswpbakery_page_builder_addonsRange<3.6wordpress

VendorProductVersionCPE
livemeshthemeswpbakery_page_builder_addons*cpe:2.3:a:livemeshthemes:wpbakery_page_builder_addons:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
livemeshthemes	wpbakery_page_builder_addons	*	cpe:2.3:a:livemeshthemes:wpbakery_page_builder_addons::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "addons-for-visual-composer",
    "product": "WPBakery Page Builder Addons by Livemesh",
    "vendor": "Livemesh",
    "versions": [
      {
        "changes": [
          {
            "at": "3.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/addons-for-visual-composer/wordpress-livemesh-addons-for-wpbakery-page-builder-plugin-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve