Lucene search

[email protected]NVD:CVE-2023-47658

HistoryNov 14, 2023 - 7:15 p.m.

CVE-2023-47658

2023-11-1419:15:32

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-47658

authorization

stored cross-site scripting

woocommerce

actpro extra product options

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3 versions.

Affected configurations

NVD

Node

actproextra_product_options_for_woocommerceRange≤3.0.3wordpress

References

patchstack.com/database/vulnerability/extra-product-options-for-woocommerce/wordpress-extra-product-options-for-woocommerce-plugin-3-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve