CVE-2023-51404

2024-02-1009:15:07

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-51404

web page generation

cross-site scripting

vulnerability

my agile privacy

gdpr

wordpress

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

14.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in MyAgilePrivacy My Agile Privacy – The only GDPR solution for WordPress that you can truly trust allows Stored XSS.This issue affects My Agile Privacy – The only GDPR solution for WordPress that you can truly trust: from n/a through 2.1.7.

Affected configurations

Nvd

Vulners

Node

myagileprivacymy_agile_privacyRange≤2.1.7wordpress

VendorProductVersionCPE
myagileprivacymy_agile_privacy*cpe:2.3:a:myagileprivacy:my_agile_privacy:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
myagileprivacy	my_agile_privacy	*	cpe:2.3:a:myagileprivacy:my_agile_privacy::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "myagileprivacy",
    "product": "My Agile Privacy – The only GDPR solution for WordPress that you can truly trust",
    "vendor": "MyAgilePrivacy",
    "versions": [
      {
        "changes": [
          {
            "at": "2.1.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.1.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]