Lucene search
HistoryApr 05, 2023 - 8:15 a.m.
CVE-2023-26536
cross-site scripting
jonk
follow me darling
spotify play button
wordpress plugin
cve-2023-26536
vulnerability
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
21.0%
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.05 versions.
Affected configurations
Node
followmedarlingspotify-play-button-for-wordpressRange<2.06wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| followmedarling | spotify-play-button-for-wordpress | * | cpe:2.3:a:followmedarling:spotify-play-button-for-wordpress:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
wpvulndb
wpvulndb
Sp*tify Play Button for WordPress < 2.06 - Contributor+ Stored XSS
2023-02-24 00:00:00
prion
prion
Cross site scripting
2023-04-05 08:15:00
cve
cve
CVE-2023-26536
2023-04-05 08:15:07
wordfence
wordfence
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
21.0%
Related for NVD:CVE-2023-26536