Lucene search

PatchstackCVELIST:CVE-2023-50376

HistoryDec 19, 2023 - 8:27 a.m.

CVE-2023-50376 WordPress Simple Membership Plugin <= 4.3.8 is vulnerable to Unauth. Reflected Cross Site Scripting (XSS)

2023-12-1908:27:46

CWE-79

Patchstack

www.cve.org

cve-2023-50376

wordpress

simple membership plugin

unauthenticated

reflected

cross site scripting

vulnerability

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.This issue affects Simple Membership: from n/a through 4.3.8.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "simple-membership",
    "product": "Simple Membership",
    "vendor": "smp7, wp.insider",
    "versions": [
      {
        "changes": [
          {
            "at": "4.3.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.3.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-3-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve