Lucene search

PatchstackCVE-2023-41731

HistoryOct 02, 2023 - 8:15 a.m.

CVE-2023-41731

2023-10-0208:15:38

CWE-79

Patchstack

web.nvd.nist.gov

cve-2023-41731

auth

stored xss

cross-site scripting

wordpress

email notification

plugin

vulnerability

nvd

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions.

Affected configurations

Nvd

Vulners

Node

i13websolutionwordpress_publish_post_email_notificationRange≤1.0.2.2wordpress

VendorProductVersionCPE
i13websolutionwordpress_publish_post_email_notification*cpe:2.3:a:i13websolution:wordpress_publish_post_email_notification:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
i13websolution	wordpress_publish_post_email_notification	*	cpe:2.3:a:i13websolution:wordpress_publish_post_email_notification::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "publish-post-email-notification",
    "product": "WordPress publish post email notification",
    "vendor": "I Thirteen Web Solution",
    "versions": [
      {
        "changes": [
          {
            "at": "1.0.2.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.0.2.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/publish-post-email-notification/wordpress-wordpress-publish-post-email-notification-plugin-1-0-2-2-cross-site-scripting-xss?_s_id=cve