Lucene search
PatchstackVULNRICHMENT:CVE-2024-33952HistoryMay 02, 2024 - 11:22 a.m.
CVE-2024-33952 WordPress Unique theme <= 0.3.0 - Cross Site Scripting (XSS) vulnerability
2024-05-0211:22:46
CWE-79
Patchstack
github.com
2
wordpress
unique theme
xss
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Justin Tadlock Unique allows Stored XSS.This issue affects Unique: from n/a through 0.3.0.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:wordpress:unique_theme:-:*:*:*:*:*:*:*"
],
"vendor": "wordpress",
"product": "unique_theme",
"versions": [
{
"status": "affected",
"version": "-",
"versionType": "custom",
"lessThanOrEqual": "0.3.0"
}
],
"defaultStatus": "unknown"
}
]Related
cve
cve
CVE-2024-33952
2024-05-14 15:38:20
wpvulndb
wpvulndb
Unique <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
2024-05-07 00:00:00
nvd
nvd
CVE-2024-33952
2024-05-14 15:38:20
cvelist
cvelist
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-33952