Lucene search

[email protected]NVD:CVE-2023-0644

HistoryMay 15, 2023 - 1:15 p.m.

CVE-2023-0644

2023-05-1513:15:09

[email protected]

web.nvd.nist.gov

cve-2023-0644

pushassist

wordpress

cross-site scripting

high privilege users

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.0%

JSON

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Affected configurations

Nvd

Node

pushassistpush_notificationsRange≤3.0.8wordpress

VendorProductVersionCPE
pushassistpush_notifications*cpe:2.3:a:pushassist:push_notifications:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
pushassist	push_notifications	*	cpe:2.3:a:pushassist:push_notifications::::::wordpress::*

References

wpscan.com/vulnerability/08f5089c-36f3-4d12-bca5-99cd3ae78f67

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.0%

JSON

Related for NVD:CVE-2023-0644

prion1 cve1 cvelist1 ubuntucve1 debiancve1 wordfence1