admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-34xx/CVE-2023-3492.json
cad-safe-bot d4cc9923e0 Auto-Update: 2023-08-09T18:00:37.265849+00:00
2023-08-09 18:00:41 +00:00

81 lines
2.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-3492",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-07T15:15:11.280",
"lastModified": "2023-08-09T17:53:34.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cmscommander:wp_shopping_pages:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.14",
"matchCriteriaId": "25827F38-C81B-477D-9CFD-22AB193926E7"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/01b9b1c2-439e-44df-bf01-026cb13d7d40",
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink