CVE-2023-31091

2023-08-1711:15:23

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-31091

nvd

security

cross-site scripting

xss

pradeep singh

dynamically register sidebars plugin

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

14.2%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pradeep Singh Dynamically Register Sidebars plugin <= 1.0.1 versions.

Affected configurations

Vulners

NVD

Node

pradeep_singhdynamically_register_sidebarsRange≤1.0.1

CPENameOperatorVersion
pradeepsinghweb:dynamically_register_sidebarspradeepsinghweb dynamically register sidebarsle1.0.1

CPE	Name	Operator	Version
pradeepsinghweb:dynamically_register_sidebars	pradeepsinghweb dynamically register sidebars	le	1.0.1

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "dynamically-register-sidebars",
    "product": "Dynamically Register Sidebars",
    "vendor": "Pradeep Singh",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/dynamically-register-sidebars/wordpress-dynamically-register-sidebars-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve