Lucene search

PatchstackCVE-2024-43276

HistoryAug 18, 2024 - 2:15 p.m.

CVE-2024-43276

2024-08-1814:15:06

CWE-79

Patchstack

web.nvd.nist.gov

xss

svetoslav marinov

child theme creator

web page generation

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

17.7%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Svetoslav Marinov (Slavi) Child Theme Creator allows Reflected XSS.This issue affects Child Theme Creator: from n/a through 1.5.4.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

orbisiuschild_theme_creatorRange<1.5.5wordpress

VendorProductVersionCPE
orbisiuschild_theme_creator*cpe:2.3:a:orbisius:child_theme_creator:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
orbisius	child_theme_creator	*	cpe:2.3:a:orbisius:child_theme_creator::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "orbisius-child-theme-creator",
    "product": "Child Theme Creator",
    "vendor": "Svetoslav Marinov (Slavi)",
    "versions": [
      {
        "changes": [
          {
            "at": "1.5.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.5.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/orbisius-child-theme-creator/wordpress-child-theme-creator-by-orbisius-plugin-1-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve