Lucene search
HistoryNov 06, 2023 - 9:15 p.m.
CVE-2023-5354
cve-2023-5354
wordpress plugin
cross-site scripting
security vulnerability
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
17.0%
The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected configurations
Node
awesomelibmemcachedRange<6.1.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| awesome | libmemcached | * | cpe:2.3:a:awesome:libmemcached:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Awesome Support",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "6.1.5"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Cross site scripting
2023-11-06 21:15:00
wpexploit
wpexploit
Awesome Support < 6.1.5 - Reflected Cross-Site Scripting
2023-10-16 00:00:00
wpvulndb
wpvulndb
Awesome Support < 6.1.5 - Reflected Cross-Site Scripting
2023-10-16 00:00:00
cvelist
cvelist
CVE-2023-5354 Awesome Support < 6.1.5 - Reflected Cross-Site Scripting
2023-11-06 20:40:28
nvd
nvd
CVE-2023-5354
2023-11-06 21:15:09
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
17.0%
Related for CVE-2023-5354