Lucene search

PatchstackCVELIST:CVE-2023-32576

HistoryAug 25, 2023 - 8:38 a.m.

CVE-2023-32576 WordPress Locatoraid Store Locator Plugin <= 3.9.18 is vulnerable to Cross Site Scripting (XSS)

2023-08-2508:38:49

CWE-79

Patchstack

www.cve.org

wordpress

locatoraid

store locator

vulnerability

cve-2023-32576

cross site scripting

xss

plainware

3.9.18

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

Percentile

14.0%

JSON

Auth. (subscriber+) Stored Cross-Site Scripting’) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "locatoraid",
    "product": "Locatoraid Store Locator",
    "vendor": "Plainware",
    "versions": [
      {
        "changes": [
          {
            "at": "3.9.19",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.9.18",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/locatoraid/wordpress-locatoraid-store-locator-plugin-3-9-18-cross-site-scripting-xss-vulnerability?_s_id=cve