Lucene search

PatchstackCVE-2023-25786

HistoryMay 03, 2023 - 11:15 a.m.

CVE-2023-25786

2023-05-0311:15:13

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-25786

authorization

stored xss

cross-site scripting

thom stark eyes only

user access shortcode

nvd

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

17.5%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions.

Affected configurations

Nvd

Vulners

Node

eyes_only_user_access_shortcode_projecteyes_only_user_access_shortcodeRange≤1.8.2wordpress

VendorProductVersionCPE
eyes_only_user_access_shortcode_projecteyes_only_user_access_shortcode*cpe:2.3:a:eyes_only_user_access_shortcode_project:eyes_only_user_access_shortcode:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
eyes_only_user_access_shortcode_project	eyes_only_user_access_shortcode	*	cpe:2.3:a:eyes_only_user_access_shortcode_project:eyes_only_user_access_shortcode::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "eyes-only-user-access-shortcode",
    "product": "Eyes Only: User Access Shortcode",
    "vendor": "Thom Stark",
    "versions": [
      {
        "lessThanOrEqual": "1.8.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/eyes-only-user-access-shortcode/wordpress-eyes-only-user-access-shortcode-plugin-1-8-2-cross-site-scripting-xss?_s_id=cve