Lucene search

K
cvelistPatchstackCVELIST:CVE-2023-49739
HistoryDec 14, 2023 - 2:43 p.m.

CVE-2023-49739 WordPress PowerPack Pro for Elementor Plugin <= 2.9.23 is vulnerable to Cross Site Scripting (XSS)

2023-12-1414:43:09
CWE-79
Patchstack
www.cve.org
2
cve-2023-49739
wordpress
powerpack pro
elementor plugin
cross site scripting
vulnerable

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

17.0%

[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT] via [VECTOR]

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerPack Pro for Elementor",
    "vendor": "PowerPack Addons for Elementor",
    "versions": [
      {
        "changes": [
          {
            "at": "2.9.24",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.9.23",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

17.0%

Related for CVELIST:CVE-2023-49739