Lucene search

PatchstackCVELIST:CVE-2023-45747

HistoryOct 24, 2023 - 11:24 a.m.

CVE-2023-45747 WordPress WP Lightbox 2 Plugin <= 3.0.6.5 is vulnerable to Cross Site Scripting (XSS)

2023-10-2411:24:56

CWE-79

Patchstack

www.cve.org

cve-2023-45747

cross site scripting

authenticated

syed balkhi

stored xss

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

14.0%

JSON

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin <= 3.0.6.5 versions.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-lightbox-2",
    "product": "WP Lightbox 2",
    "vendor": "Syed Balkhi",
    "versions": [
      {
        "changes": [
          {
            "at": "3.0.6.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.0.6.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-lightbox-2/wordpress-wp-lightbox-2-plugin-3-0-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve