Lucene search

[email protected]NVD:CVE-2023-1435

HistoryApr 24, 2023 - 7:15 p.m.

CVE-2023-1435

2023-04-2419:15:09

[email protected]

web.nvd.nist.gov

cve-2023-1435

wordpress plugin

reflected cross-site scripting

high privilege users

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.0%

JSON

The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affected configurations

Nvd

Node

ajax_search_projectajax_searchRange<4.26.2prowordpress

VendorProductVersionCPE
ajax_search_projectajax_search*cpe:2.3:a:ajax_search_project:ajax_search:*:*:*:*:pro:wordpress:*:*

Vendor	Product	Version	CPE
ajax_search_project	ajax_search	*	cpe:2.3:a:ajax_search_project:ajax_search:::::pro:wordpress::

References

wpscan.com/vulnerability/0ca62908-4ef5-41e0-9223-f77ad2c333d7

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.0%

JSON

Related for NVD:CVE-2023-1435

wpvulndb1 cvelist1 cve1 prion1 wpexploit1 wordfence1