Lucene search

PatchstackCVELIST:CVE-2023-28692

HistoryAug 30, 2023 - 3:27 p.m.

CVE-2023-28692 WordPress WP Abstracts Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)

2023-08-3015:27:09

CWE-79

Patchstack

www.cve.org

cve-2023-28692

cross site scripting

auth

stored cross-site scripting

vulnerable

wordpress

plugin

kevon adonis

versions

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

23.9%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-abstracts-manuscripts-manager",
    "product": "WP Abstracts",
    "vendor": "Kevon Adonis",
    "versions": [
      {
        "lessThanOrEqual": "2.6.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-abstracts-manuscripts-manager/wordpress-wp-abstracts-plugin-2-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve