Lucene search

PatchstackCVE-2023-27452

HistoryJun 22, 2023 - 12:15 p.m.

CVE-2023-27452

2023-06-2212:15:11

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-27452

authorization

stored xss

cross-site scripting

vulnerability

wow-company

button generator

button builder

plugin

nvd

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

18.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions.

Affected configurations

Nvd

Vulners

Node

wow-estorebutton_generator_-_easily_button_builderRange≤2.3.3wordpress

VendorProductVersionCPE
wow-estorebutton_generator_-_easily_button_builder*cpe:2.3:a:wow-estore:button_generator_-_easily_button_builder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wow-estore	button_generator_-_easily_button_builder	*	cpe:2.3:a:wow-estore:button_generator_-_easily_button_builder::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "button-generation",
    "product": "Button Generator – easily Button Builder",
    "vendor": "Wow-Company",
    "versions": [
      {
        "changes": [
          {
            "at": "2.3.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.3.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/button-generation/wordpress-button-generator-plugin-2-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve