Lucene search

[email protected]NVD:CVE-2023-2399

HistoryJun 19, 2023 - 11:15 a.m.

CVE-2023-2399

2023-06-1911:15:10

[email protected]

web.nvd.nist.gov

qubot plugin

wordpress

user input

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.1%

JSON

The QuBot WordPress plugin before 1.1.6 doesn’t filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.

Affected configurations

Nvd

Node

qudataqubotRange<1.1.6wordpress

VendorProductVersionCPE
qudataqubot*cpe:2.3:a:qudata:qubot:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
qudata	qubot	*	cpe:2.3:a:qudata:qubot::::::wordpress::*

References

wpscan.com/vulnerability/deca3cd3-f7cf-469f-9f7e-3612f7ae514d

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.1%

JSON

Related for NVD:CVE-2023-2399

cvelist1 cve1 prion1 wpvulndb1 wpexploit1