CVE-2023-30874

2023-08-1709:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-30874

authentication

stored xss

steve curtis

st. pete design

gps plotter

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

14.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Steve Curtis, St. Pete Design Gps Plotter plugin <= 5.1.4 versions.

Affected configurations

Vulners

NVD

Node

steve_curtis\,_st._pete_designgps_plotterRange≤5.1.4

CPENameOperatorVersion
stpetedesign:gps_plotterstpetedesign gps plotterle5.1.4

CPE	Name	Operator	Version
stpetedesign:gps_plotter	stpetedesign gps plotter	le	5.1.4

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "gps-plotter",
    "product": "Gps Plotter",
    "vendor": "Steve Curtis, St. Pete Design",
    "versions": [
      {
        "lessThanOrEqual": "5.1.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]