Lucene search

M0zePATCHSTACK:7DED2DF0A249A237C8A09C5473502F4C

HistoryFeb 12, 2021 - 12:00 a.m.

WordPress Car Repair Services premium theme <= 3.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

2021-02-1200:00:00

m0ze

patchstack.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze in WordPress Car Repair Services premium theme (versions <= 3.9).

Solution

           Update the WordPress Car Repair Services premium theme to the latest available version (at least 4.0).

CPENameOperatorVersion
car repair servicesle3.9

CPE	Name	Operator	Version
	car repair services	le	3.9

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24335

m0ze.ru/vulnerability/[2021-02-12]-[WordPress]-[CWE-79]-Car-Repair-Services-WordPress-Theme-v3.9.txt

smartdatasoft.com/docs/car-repair-services/change-logs/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for PATCHSTACK:7DED2DF0A249A237C8A09C5473502F4C