Lucene search

PatchstackCVELIST:CVE-2023-37983

HistoryAug 10, 2023 - 12:52 p.m.

CVE-2023-37983 WordPress Art Direction Plugin <= 0.2.4 is vulnerable to Cross Site Scripting (XSS)

2023-08-1012:52:23

CWE-79

Patchstack

www.cve.org

cve-2023-37983

cross site scripting

authenticated

stored

noël jackson art direction

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

21.7%

JSON

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Noël Jackson Art Direction plugin <= 0.2.4 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "art-direction",
    "product": "Art Direction",
    "vendor": "Noël Jackson",
    "versions": [
      {
        "lessThanOrEqual": "0.2.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/art-direction/wordpress-art-direction-plugin-0-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve