Lucene search
PatchstackCVELIST:CVE-2023-45609HistoryNov 30, 2023 - 3:52 p.m.
CVE-2023-45609 WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
2023-11-3015:52:28
CWE-79
Patchstack
www.cve.org
3
wordpress
powr pack plugin
cross site scripting
vulnerability
contact form
payment form
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
0
Percentile
14.0%
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "powr-pack",
"product": "Contact Form – Custom Builder, Payment Form, and More",
"vendor": "POWR.io",
"versions": [
{
"lessThanOrEqual": "2.1.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2023-45609
2023-11-30 16:15:09
cve
cve
CVE-2023-45609
2023-11-30 16:15:09
prion
prion
Cross site scripting
2023-11-30 16:15:00
wpvulndb
wpvulndb
Powr Pack <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
2023-12-08 00:00:00
POWR < 2.2.0 - Contributor+ Stored XSS
2023-11-16 00:00:00
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
0
Percentile
14.0%
Related for CVELIST:CVE-2023-45609