Lucene search

PatchstackCVELIST:CVE-2023-28687

HistoryMar 26, 2024 - 8:20 p.m.

CVE-2023-28687 Reflected Cross-Site Scripting (XSS) vulnerability in multiple WordPress themes

2024-03-2620:20:59

CWE-79

Patchstack

www.cve.org

cross-site scripting

xss

wordpress

vulnerability

web page generation

neutralization of input

glaze blog lite

fascinate

cream blog

cream magazine

security issue

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

15.7%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in perfectwpthemes Glaze Blog Lite, themebeez Fascinate, themebeez Cream Blog, themebeez Cream Magazine allows Reflected XSS.This issue affects Glaze Blog Lite: from n/a through <= 1.1.4; Fascinate: from n/a through 1.0.8; Cream Blog: from n/a through 2.1.3; Cream Magazine: from n/a through 2.1.4.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/themes/",
    "defaultStatus": "unaffected",
    "packageName": "glaze-blog-lite",
    "product": "Glaze Blog Lite",
    "vendor": "perfectwpthemes",
    "versions": [
      {
        "changes": [
          {
            "at": "1.1.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "<= 1.1.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/themes/",
    "defaultStatus": "unaffected",
    "packageName": "fascinate",
    "product": "Fascinate",
    "vendor": "themebeez",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/themes",
    "defaultStatus": "unaffected",
    "packageName": "cream-blog",
    "product": "Cream Blog",
    "vendor": "themebeez",
    "versions": [
      {
        "changes": [
          {
            "at": "2.1.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.1.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "collectionURL": "https://wordpress.org/themes",
    "defaultStatus": "unaffected",
    "packageName": "cream-magazine",
    "product": "Cream Magazine",
    "vendor": "themebeez",
    "versions": [
      {
        "changes": [
          {
            "at": "2.1.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.1.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/cream-blog/wordpress-cream-blog-theme-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/cream-magazine/wordpress-cream-magazine-theme-2-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/fascinate/wordpress-fascinate-theme-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/glaze-blog-lite/wordpress-glaze-blog-lite-theme-1-1-4-cross-site-scripting-xss-vulnerability