Lucene search

PatchstackCVE-2024-29142

HistoryMar 19, 2024 - 2:15 p.m.

CVE-2024-29142

2024-03-1914:15:10

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-29142

cross-site scripting

xss

webberzone better search

wordpress

vulnerability

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

9.2

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS.This issue affects Better Search – Relevant search results for WordPress: from n/a through 3.3.0.

Affected configurations

Vulners

Node

webberzonebetter_searchRange≤3.3.0wordpress

VendorProductVersionCPE
webberzonebetter_search*cpe:2.3:a:webberzone:better_search:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
webberzone	better_search	*	cpe:2.3:a:webberzone:better_search::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "better-search",
    "product": "Better Search – Relevant search results for WordPress",
    "vendor": "WebberZone",
    "versions": [
      {
        "changes": [
          {
            "at": "3.3.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.3.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/better-search/wordpress-better-search-plugin-3-3-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve