CVE-2023-4719

{"id": "CVE-2023-4719", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.9}]}, "published": "2023-09-06T02:15:09.500", "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2962730%40simple-membership&new=2962730%40simple-membership&sfp_email=&sfph_mail=", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://wordpress.org/plugins/simple-membership/", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b10172-7e54-4ff8-9fbb-41d160ce49e4?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. Using this vulnerability, unauthenticated attackers could inject arbitrary web scripts into pages that are being executed if they can successfully trick a user into taking an action, such as clicking a malicious link."}, {"lang": "es", "value": "El plugin Simple Membership para WordPress es vulnerable a Cross-Site Scripting (XSS) reflejado a trav\u00e9s del par\u00e1metro \"list_type\" en versiones hasta, e incluyendo, la 4.3.5 debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida. Utilizando esta vulnerabilidad, los atacantes no autenticados podr\u00edan inyectar scripts web arbitrarios en las p\u00e1ginas que se est\u00e1n ejecutando si pueden enga\u00f1ar con \u00e9xito a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace malicioso. "}], "lastModified": "2023-11-07T04:22:53.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CEA748C7-767E-47EA-A775-702A70311609", "versionEndExcluding": "4.3.6"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}