Lucene search

PatchstackCVELIST:CVE-2023-27452

HistoryJun 22, 2023 - 11:59 a.m.

CVE-2023-27452 WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

2023-06-2211:59:18

CWE-79

Patchstack

www.cve.org

wordpress

button generator

cross site scripting

xss

vulnerability

plugin

admin

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

0.001

Percentile

18.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "button-generation",
    "product": "Button Generator – easily Button Builder",
    "vendor": "Wow-Company",
    "versions": [
      {
        "changes": [
          {
            "at": "2.3.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.3.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/button-generation/wordpress-button-generator-plugin-2-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve