CVE-2023-24398

2023-04-0710:15:07

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-24398

authentication

stored xss

cross-site scripting

snap creek software

ezp coming soon page plugin

nvd

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

21.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.

Affected configurations

Nvd

Vulners

Node

snapcreekezp_coming_soon_pageRange≤1.0.7.3wordpress

VendorProductVersionCPE
snapcreekezp_coming_soon_page*cpe:2.3:a:snapcreek:ezp_coming_soon_page:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
snapcreek	ezp_coming_soon_page	*	cpe:2.3:a:snapcreek:ezp_coming_soon_page::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "easy-pie-coming-soon",
    "product": "EZP Coming Soon Page",
    "vendor": "Snap Creek Software",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.7.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.7.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/easy-pie-coming-soon/wordpress-ezp-coming-soon-page-plugin-1-0-7-3-cross-site-scripting-xss-vulnerability?_s_id=cve