Lucene search

WPScanCVE-2023-5348

HistoryDec 18, 2023 - 8:15 p.m.

CVE-2023-5348

2023-12-1820:15:08

CWE-79

WPScan

web.nvd.nist.gov

security

vulnerability

woocommerce

wordpress

xss

nvd

cve-2023-5348

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.3%

JSON

The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.

Affected configurations

Nvd

Vulners

Node

multivendorxproduct_catalog_mode_for_woocommerceRange<5.0.3wordpress

VendorProductVersionCPE
multivendorxproduct_catalog_mode_for_woocommerce*cpe:2.3:a:multivendorx:product_catalog_mode_for_woocommerce:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
multivendorx	product_catalog_mode_for_woocommerce	*	cpe:2.3:a:multivendorx:product_catalog_mode_for_woocommerce::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Product Catalog Mode For WooCommerce",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "5.0.3"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.3%

JSON

Related for CVE-2023-5348