Lucene search

[email protected]NVD:CVE-2023-2324

HistoryJul 04, 2023 - 8:15 a.m.

CVE-2023-2324

2023-07-0408:15:10

[email protected]

web.nvd.nist.gov

cve-2023-2324

elementor forms

google sheet connector

wordpress

plugin

cross-site scripting

reflected

admin

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.5%

JSON

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affected configurations

NVD

Node

gsheetconnectorelementor_forms_google_sheet_connectorRange<1.0.7freewordpress

gsheetconnectorelementor_forms_google_sheet_connectorRange≤1.0.7prowordpress

References

wpscan.com/vulnerability/50d81eec-f324-4445-b10f-96e94153917e

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for NVD:CVE-2023-2324

prion1 cve1 cvelist1 wordfence1