Lucene search

K
patchstackWesley (wcraft)PATCHSTACK:9A023B4E260EF07B1C6E0A8459503E5D
HistoryMay 21, 2024 - 12:00 a.m.

WordPress ShopLentor Plugin <= 2.8.8 is vulnerable to Cross Site Scripting (XSS)

2024-05-2100:00:00
wesley (wcraft)
patchstack.com
1
wordpress
shoplentor
plugin
cross site scripting
vulnerability
fixed
owasp top 10
cve-2024-3345
low severity
patch
security issue

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

Software

ShopLentor

Type

Plugin

Vulnerable versions

<= 2.8.8

Fixed in

2.8.9

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Classification

Cross Site Scripting (XSS)

CVE

CVE-2024-3345

Patch priority

Low

CVSS severity

Low (6.5)

Developer

Claim ownership

PSID

be1bbe891ed7

Credits

wesley (wcraft)

Required privilege

Contributor

Published

21 May, 2024

Vulnerability details

Remove and replace plugin Expand full details Have additional information or questions about this entry? Let us know.

Solution

This security issue has a low severity impact and is unlikely to be exploited.

Affected configurations

Vulners
Node
hasthemesshoplentorRange2.8.8wordpress
VendorProductVersionCPE
hasthemesshoplentor*cpe:2.3:a:hasthemes:shoplentor:*:*:*:*:*:wordpress:*:*

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score

5.8

Confidence

High

Related for PATCHSTACK:9A023B4E260EF07B1C6E0A8459503E5D