Lucene search

[email protected]NVD:CVE-2023-7194

HistoryJan 22, 2024 - 8:15 p.m.

CVE-2023-7194

2024-01-2220:15:47

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-7194

reflected cross-site scripting

meris wordpress

high privilege users

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affected configurations

Nvd

Node

meris_wp_theme_projectmeris_wp_themeRange≤1.1.2wordpress

VendorProductVersionCPE
meris_wp_theme_projectmeris_wp_theme*cpe:2.3:a:meris_wp_theme_project:meris_wp_theme:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
meris_wp_theme_project	meris_wp_theme	*	cpe:2.3:a:meris_wp_theme_project:meris_wp_theme::::::wordpress::*

References

wpscan.com/vulnerability/e20292af-939a-4cb1-91e4-5ff6aa0c7fbe

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2023-7194

wpvulndb1 wpexploit1 prion1 cvelist1 cve1 wordfence1