Lucene search
HistoryApr 17, 2023 - 1:15 p.m.
CVE-2023-1473
cve-2023-1473
metaslider
wordpress
cross-site scripting
high privilege users
security vulnerability
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
31.0%
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected configurations
Node
metasliderslider\,_gallery\,_and_carouselRange<3.29.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| metaslider | slider\,_gallery\,_and_carousel | * | cpe:2.3:a:metaslider:slider\,_gallery\,_and_carousel:*:*:*:*:*:wordpress:*:* |
Related
wpexploit
wpexploit
Responsive WordPress Slideshows 3.29.0 - Reflected XSS
2023-03-27 00:00:00
cvelist
cvelist
CVE-2023-1473 Responsive WordPress Slideshows 3.29.0 - Reflected XSS
2023-04-17 12:17:48
prion
prion
Cross site scripting
2023-04-17 13:15:00
cve
cve
CVE-2023-1473
2023-04-17 13:15:38
wpvulndb
wpvulndb
Responsive WordPress Slideshows 3.29.0 - Reflected XSS
2023-03-27 00:00:00
openvas
openvas
wordfence
wordfence
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
31.0%
Related for NVD:CVE-2023-1473