Lucene search

[email protected]CVE-2024-33938

HistoryMay 14, 2024 - 3:38 p.m.

CVE-2024-33938

2024-05-1415:38:16

CWE-862

[email protected]

web.nvd.nist.gov

missing authorization

codename065 sliding widgets

cross-site scripting

nvd

vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in codename065 Sliding Widgets allows Cross-Site Scripting (XSS).This issue affects Sliding Widgets: from n/a through 1.5.0.

Affected configurations

Vulners

Node

codename065sliding_widgetsRange≤1.5.0

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "sliding-widgets",
    "product": "Sliding Widgets",
    "vendor": "codename065",
    "versions": [
      {
        "lessThanOrEqual": "1.5.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/sliding-widgets/wordpress-sliding-widgets-plugin-1-5-0-broken-access-control-to-xss-vulnerability?_s_id=cve