CVE-2023-7083

2024-01-1616:15:13

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-7083

voting record

wordpress plugin

csrf

stored xss

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Affected configurations

Vulners

NVD

Node

davidjmillervoting_recordRange≤2.0

VendorProductVersionCPE
davidjmillervoting_record*cpe:2.3:a:davidjmiller:voting_record:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
davidjmiller	voting_record	*	cpe:2.3:a:davidjmiller:voting_record::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Voting Record",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "2.0"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]