Lucene search

[email protected]NVD:CVE-2023-4549

HistorySep 25, 2023 - 4:15 p.m.

CVE-2023-4549

2023-09-2516:15:15

[email protected]

web.nvd.nist.gov

cve-2023-4549

stored xss

wordpress plugin

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.7%

JSON

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress’ login form.

Affected configurations

Nvd

Node

wpdo5eadologin_securityRange<3.7wordpress

VendorProductVersionCPE
wpdo5eadologin_security*cpe:2.3:a:wpdo5ea:dologin_security:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpdo5ea	dologin_security	*	cpe:2.3:a:wpdo5ea:dologin_security::::::wordpress::*

References

wpscan.com/vulnerability/8aebead0-0eab-4d4e-8ceb-8fea0760374f

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.7%

JSON

Related for NVD:CVE-2023-4549

wpvulndb1 prion1 cvelist1 wpexploit1 cve1 wordfence1