CVE-2023-51485

2024-02-1009:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-51485

cross-site scripting

xss

security vulnerability

wp hosting

pay with vipps

mobilepay

woocommerce

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

14.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS.This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through 1.14.13.

Affected configurations

Vulners

NVD

Node

wp_hostingpay_with_vipps_and_mobilepay_for_woocommerceRange≤1.14.13

CPENameOperatorVersion
wp-hosting:pay_with_vipps_and_mobilepay_for_woocommercewp-hosting pay with vipps and mobilepay for woocommercele1.14.13

CPE	Name	Operator	Version
wp-hosting:pay_with_vipps_and_mobilepay_for_woocommerce	wp-hosting pay with vipps and mobilepay for woocommerce	le	1.14.13

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "woo-vipps",
    "product": "Pay with Vipps and MobilePay for WooCommerce",
    "vendor": "WP Hosting",
    "versions": [
      {
        "changes": [
          {
            "at": "1.14.14",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.14.13",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/woo-vipps/wordpress-pay-with-vipps-for-woocommerce-plugin-1-14-13-cross-site-scripting-xss-vulnerability?_s_id=cve