Lucene search
HistoryFeb 21, 2023 - 9:15 a.m.
CVE-2023-0378
wordpress
plugin
greenshift
xss
vulnerability
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.5%
The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected configurations
Node
greenshiftwpgreenshift_-_animation_and_page_builder_blocksRange<5.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| greenshiftwp | greenshift_-_animation_and_page_builder_blocks | * | cpe:2.3:a:greenshiftwp:greenshift_-_animation_and_page_builder_blocks:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
Greenshift < 5.0 - Contributor+ Stored XSS
2023-01-27 00:00:00
prion
prion
Cross site scripting
2023-02-21 09:15:00
cvelist
cvelist
CVE-2023-0378 Greenshift < 5.0 - Contributor+ Stored XSS
2023-02-21 08:50:43
cve
cve
CVE-2023-0378
2023-02-21 09:15:12
wpexploit
wpexploit
Greenshift < 5.0 - Contributor+ Stored XSS
2023-01-27 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.5%
Related for NVD:CVE-2023-0378