CVE-2023-0422

The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
article_directory_projectarticle_directory
𝑥
≤ 1.3
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/d57f2fb2-5251-4069-8c9a-a4af269c5e62
https://wpscan.com/vulnerability/d57f2fb2-5251-4069-8c9a-a4af269c5e62