CVE-2023-3492 WP Shopping Pages <= 1.14 - Stored XSS via CSRF

🗓️ 07 Aug 2023 14:31:19Reported by WPScanType

WP Shopping Pages WordPress plugin vulnerability

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-3492	7 Aug 202318:13	–	circl
CNNVD	WordPress plugin WP Shopping Pages 跨站脚本漏洞	7 Aug 202300:00	–	cnnvd
CNVD	CrafterCMS is an open source headless CMS for enterprise-level websites and other content-driven digital experiences, especially those that are high-performance, large-scale and ultra-secure. CrafterCMS suffers from a cross-site scripting vulnerability in versions 3.1.0 through 3.1.27 and 4.0.0 through 4.0.2. The vulnerability is due to improper neutralization of inputs during page generation allowing for reflected XSS.No detailed vulnerability details are available at this time.	12 Aug 202300:00	–	cnvd
CVE	CVE-2023-3492	7 Aug 202314:31	–	cve
EUVD	EUVD-2023-44151	3 Oct 202520:07	–	euvd
NVD	CVE-2023-3492	7 Aug 202315:15	–	nvd
OSV	CVE-2023-3492	7 Aug 202315:15	–	osv
Patchstack	WordPress WP Shopping Pages Plugin <= 1.14 is vulnerable to Cross Site Scripting (XSS)	18 Jul 202300:00	–	patchstack
Prion	Cross site request forgery (csrf)	7 Aug 202315:15	–	prion
Positive Technologies	PT-2023-25052 · WordPress · Wp Shopping Pages	7 Aug 202300:00	–	ptsecurity

[
  {
    "vendor": "Unknown",
    "product": "WP Shopping Pages",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThanOrEqual": "1.14"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/01b9b1c2-439e-44df-bf01-026cb13d7d40

07 Aug 2023 14:31Current

6.4Medium risk

Vulners AI Score6.4

EPSS0.00327