Japan Vulnerability NotesJVN:26026353JVN#26026353: WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
55.8%
The WordPress plugin “Markdown on Save Improved” contains a stored cross-site scripting (CWE-79) vulnerability.
Impact
An arbitrary script may be executed on the user’s web browser.
Solution
Update the plugin
Update the plugin according to the information provided by the developer.
While the developer provided an update for this vulnerability, the developer states that this plugin is deprecated. Fixes may not be provided in the future, so it is recommended to transition to a different module.
Products Affected
- Markdown on Save Improved version 2.5 and earlier
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
55.8%