CVE-2023-1120

Exploit

EPSS 0.12%
Veröffentlicht 10.04.2023 14:15:08
Zuletzt bearbeitet 11.02.2025 22:15:25
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Simple Giveaways <= 2.45.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Mögliche Gegenmaßnahme

Simple Giveaways – Grow your business, email lists and traffic with contests: Update to version 2.45.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Simple Giveaways – Grow your business, email lists and traffic with contests

Version *-2.45.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibenic ≫ Simple Giveaways SwPlatformwordpress Version < 2.45.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.318

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/c2defd30-7e4c-4a28-8a68-282429061f3f

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/86991143-d4e7-4114-b219-0deedd084858

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-1120

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1120

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1120

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-1120