CVE-2023-25479

2023-04-2512:15:09

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-25479

authentication

stored xss

cross-site scripting

podlove subscribe

nvd

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

17.5%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.

Affected configurations

Nvd

Vulners

Node

podlovepodlove_subscribe_buttonRange<1.3.9wordpress

VendorProductVersionCPE
podlovepodlove_subscribe_button*cpe:2.3:a:podlove:podlove_subscribe_button:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
podlove	podlove_subscribe_button	*	cpe:2.3:a:podlove:podlove_subscribe_button::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "podlove-subscribe-button",
    "product": "Podlove Subscribe button",
    "vendor": "Podlove",
    "versions": [
      {
        "changes": [
          {
            "at": "1.3.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.3.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/podlove-subscribe-button/wordpress-podlove-subscribe-button-plugin-1-3-7-cross-site-scripting-xss-vulnerability?_s_id=cve