Lucene search

[email protected]CVE-2023-37980

HistoryJul 27, 2023 - 2:15 p.m.

CVE-2023-37980

2023-07-2714:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-37980

authorization

stored xss

gravity master

custom field

wp job manager

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

5.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Custom Field For WP Job Manager plugin <= 1.1 versions.

Affected configurations

Vulners

NVD

Node

gravity_mastercustom_field_for_wp_job_managerRange≤1.1

CPENameOperatorVersion
custom_field_for_wp_job_manager_project:custom_field_for_wp_job_managercustom field for wp job manager project custom field for wp job managerlt1.2

CPE	Name	Operator	Version
custom_field_for_wp_job_manager_project:custom_field_for_wp_job_manager	custom field for wp job manager project custom field for wp job manager	lt	1.2

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "custom-field-for-wp-job-manager",
    "product": "Custom Field For WP Job Manager",
    "vendor": "Gravity Master",
    "versions": [
      {
        "changes": [
          {
            "at": "1.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/custom-field-for-wp-job-manager/wordpress-custom-field-for-wp-job-manager-plugin-1-1-cross-site-scripting-xss?_s_id=cve