CVE-2023-0333

EUVD-2023-12394
The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
templatesnexttemplatesnext_toolkit
𝑥
< 3.2.9
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/e86ff4d5-d549-4c71-b80e-6a9b3bfddbfc
https://wpscan.com/vulnerability/e86ff4d5-d549-4c71-b80e-6a9b3bfddbfc