6.1
MEDIUM
CVE-2023-2813
Wordpress Themes XSS Vulnerability
Description

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.

INFO

Published Date :

Sept. 4, 2023, 12:15 p.m.

Last Modified :

Nov. 7, 2023, 4:13 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

2.7

Exploitability Score :

2.8
Affected Products

The following products are affected by CVE-2023-2813 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Ayecode cafe_bistro
2 Ayecode college
3 Ayecode directory
4 Ayecode plato
5 Ayecode restaurant_pt
6 Ayecode wedding_bride
1 Themeinprogress bazaar_lite
2 Themeinprogress looki_lite
3 Themeinprogress saul
4 Themeinprogress saul_lite
5 Themeinprogress venice_lite
1 Archimidismertzanos atlast_business
2 Archimidismertzanos fashionable_store
3 Archimidismertzanos nothing_personal
1 Deothemes arendelle
2 Deothemes everse
3 Deothemes nokke
1 Asmedia moseter
2 Asmedia tuaug4
1 Dotecsa ilex
2 Dotecsa viburno
1 Fyrewurks polka_dots
2 Fyrewurks tiki_time
1 Iznyn opor_ayam
2 Iznyn purity_of_soul
1 Jinwen js_o3_lite
2 Jinwen js_paper
1 Marchettidesign fullbase
2 Marchettidesign wlow
1 Saumendra aapna
2 Saumendra anand
1 Thewebhunter anfaust
2 Thewebhunter offset_writing
1 Ajaydsouza connections_reloaded
1 Arthousewebdesign brain_power
1 Climaxthemes kata
1 Competethemes drop
1 Davidgarlitz viala
1 Fredriksoerlie ultralight
1 Henleythemes counterpoint
1 Omarfolgheraiter digitally
1 Ta2g tantyyellow
1 Thriveweb pinzolo
1 Tijaji tijaji
1 Wpmole tydskrif
1 Yws bunnypress_lite
: Total Affected Vendor : 25 | Products : 46
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-2813.

URL Resource
https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5 Exploit Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2023-2813 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2023-2813 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Removed CWE WPScan CWE-79
  • Initial Analysis by [email protected]

    Sep. 15, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    Changed Reference Type https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5 No Types Assigned https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5 Exploit, Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:a:ajaydsouza:connections_reloaded:*:*:*:*:*:wordpress:*:* versions up to (including) 3.1 *cpe:2.3:a:archimidismertzanos:atlast_business:*:*:*:*:*:wordpress:*:* versions up to (including) 1.5.8.5 *cpe:2.3:a:archimidismertzanos:fashionable_store:*:*:*:*:*:wordpress:*:* versions up to (including) 1.3.4 *cpe:2.3:a:archimidismertzanos:nothing_personal:*:*:*:*:*:wordpress:*:* versions up to (including) 1.0.7 *cpe:2.3:a:arthousewebdesign:brain_power:*:*:*:*:*:wordpress:*:* versions up to (including) 1.2 *cpe:2.3:a:asmedia:moseter:*:*:*:*:*:wordpress:*:* versions up to (including) 1.3.1 *cpe:2.3:a:asmedia:tuaug4:*:*:*:*:*:wordpress:*:* versions up to (including) 1.4 *cpe:2.3:a:ayecode:cafe_bistro:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.1.4 *cpe:2.3:a:ayecode:college:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.5.1 *cpe:2.3:a:ayecode:directory:*:*:*:*:*:wordpress:*:* versions up to (excluding) 3.0.2 *cpe:2.3:a:ayecode:plato:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.1.9 *cpe:2.3:a:ayecode:restaurant_pt:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.1.3 *cpe:2.3:a:ayecode:wedding_bride:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.0.2 *cpe:2.3:a:climaxthemes:kata:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.9 *cpe:2.3:a:competethemes:drop:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.22 *cpe:2.3:a:davidgarlitz:viala:*:*:*:*:*:wordpress:*:* versions up to (including) 1.3.1 *cpe:2.3:a:deothemes:arendelle:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.1.13 *cpe:2.3:a:deothemes:everse:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.4 *cpe:2.3:a:deothemes:nokke:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.4 *cpe:2.3:a:dotecsa:ilex:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.4.2 *cpe:2.3:a:dotecsa:viburno:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.3.2 *cpe:2.3:a:fredriksoerlie:ultralight:*:*:*:*:*:wordpress:*:* versions up to (including) 1.2 *cpe:2.3:a:fyrewurks:polka_dots:*:*:*:*:*:wordpress:*:* versions up to (including) 1.2 *cpe:2.3:a:fyrewurks:tiki_time:*:*:*:*:*:wordpress:*:* versions up to (including) 1.3 *cpe:2.3:a:henleythemes:counterpoint:*:*:*:*:*:wordpress:*:* versions up to (including) 1.8.1 *cpe:2.3:a:iznyn:opor_ayam:*:*:*:*:*:wordpress:*:* versions up to (including) 1.8 *cpe:2.3:a:iznyn:purity_of_soul:*:*:*:*:*:wordpress:*:* versions up to (including) 1.9 *cpe:2.3:a:jinwen:js_o3_lite:*:*:*:*:*:wordpress:*:* versions up to (including) 1.5.8.2 *cpe:2.3:a:jinwen:js_paper:*:*:*:*:*:wordpress:*:* versions up to (including) 2.5.7 *cpe:2.3:a:marchettidesign:fullbase:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.1 *cpe:2.3:a:marchettidesign:wlow:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.7 *cpe:2.3:a:omarfolgheraiter:digitally:*:*:*:*:*:wordpress:*:* versions up to (including) 1.0.8 *cpe:2.3:a:saumendra:aapna:*:*:*:*:*:wordpress:*:* versions up to (including) 1.3 *cpe:2.3:a:saumendra:anand:*:*:*:*:*:wordpress:*:* versions up to (including) 1.2 *cpe:2.3:a:ta2g:tantyyellow:*:*:*:*:*:wordpress:*:* versions up to (including) 1.0.0.5 *cpe:2.3:a:themeinprogress:bazaar_lite:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.8.6 *cpe:2.3:a:themeinprogress:looki_lite:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.3.0 *cpe:2.3:a:themeinprogress:saul:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.1.0 *cpe:2.3:a:themeinprogress:saul_lite:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.4.6 *cpe:2.3:a:themeinprogress:venice_lite:*:*:*:*:*:wordpress:*:* versions up to (including) 1.5.5 *cpe:2.3:a:thewebhunter:anfaust:*:*:*:*:*:wordpress:*:* versions up to (including) 1.1 *cpe:2.3:a:thewebhunter:offset_writing:*:*:*:*:*:wordpress:*:* versions up to (including) 1.2 *cpe:2.3:a:thriveweb:pinzolo:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.10 *cpe:2.3:a:tijaji:tijaji:*:*:*:*:*:wordpress:*:* versions up to (including) 1.43 *cpe:2.3:a:wpmole:tydskrif:*:*:*:*:*:wordpress:*:* versions up to (including) 1.1.3 *cpe:2.3:a:yws:bunnypress_lite:*:*:*:*:*:wordpress:*:* versions up to (including) 2.1
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-2813 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2023-2813 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.14 }} -0.00%

score

0.50654

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: