Lucene search
PatchstackCVELIST:CVE-2023-47521HistoryNov 30, 2023 - 4:59 p.m.
CVE-2023-47521 WordPress Q2W3 Post Order Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)
2023-11-3016:59:43
CWE-79
Patchstack
www.cve.org
wordpress
q2w3 post order plugin
cross site scripting
vulnerability
web page generation
reflected xss
cve-2023-47521
max bond
andresc
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.1%
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Max Bond, AndreSC Q2W3 Post Order allows Reflected XSS.This issue affects Q2W3 Post Order: from n/a through 1.2.8.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "q2w3-post-order",
"product": "Q2W3 Post Order",
"vendor": "Max Bond, AndreSC",
"versions": [
{
"lessThanOrEqual": "1.2.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2023-47521
2023-11-30 17:15:09
prion
prion
Cross site scripting
2023-11-30 17:15:00
nvd
nvd
CVE-2023-47521
2023-11-30 17:15:09
wpvulndb
wpvulndb
Q2W3 Post Order <= 1.2.8 - Reflected Cross-Site Scripting
2023-11-23 00:00:00
wordfence
wordfence
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.1%
Related for CVELIST:CVE-2023-47521