CVE-2023-2813
Wordpress Themes XSS Vulnerability
Description
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.
INFO
Published Date :
Sept. 4, 2023, 12:15 p.m.
Last Modified :
Nov. 7, 2023, 4:13 a.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
2.7
Exploitability Score :
2.8
Affected Products
The following products are affected by CVE-2023-2813
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-2813.
| URL | Resource |
|---|---|
| https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5 | Exploit Third Party Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-2813 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-2813 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
Nov. 07, 2023
Action Type Old Value New Value Removed CWE WPScan CWE-79 -
Initial Analysis by [email protected]
Sep. 15, 2023
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Changed Reference Type https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5 No Types Assigned https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5 Exploit, Third Party Advisory Added CPE Configuration OR *cpe:2.3:a:ajaydsouza:connections_reloaded:*:*:*:*:*:wordpress:*:* versions up to (including) 3.1 *cpe:2.3:a:archimidismertzanos:atlast_business:*:*:*:*:*:wordpress:*:* versions up to (including) 1.5.8.5 *cpe:2.3:a:archimidismertzanos:fashionable_store:*:*:*:*:*:wordpress:*:* versions up to (including) 1.3.4 *cpe:2.3:a:archimidismertzanos:nothing_personal:*:*:*:*:*:wordpress:*:* versions up to (including) 1.0.7 *cpe:2.3:a:arthousewebdesign:brain_power:*:*:*:*:*:wordpress:*:* versions up to (including) 1.2 *cpe:2.3:a:asmedia:moseter:*:*:*:*:*:wordpress:*:* versions up to (including) 1.3.1 *cpe:2.3:a:asmedia:tuaug4:*:*:*:*:*:wordpress:*:* versions up to (including) 1.4 *cpe:2.3:a:ayecode:cafe_bistro:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.1.4 *cpe:2.3:a:ayecode:college:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.5.1 *cpe:2.3:a:ayecode:directory:*:*:*:*:*:wordpress:*:* versions up to (excluding) 3.0.2 *cpe:2.3:a:ayecode:plato:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.1.9 *cpe:2.3:a:ayecode:restaurant_pt:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.1.3 *cpe:2.3:a:ayecode:wedding_bride:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.0.2 *cpe:2.3:a:climaxthemes:kata:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.9 *cpe:2.3:a:competethemes:drop:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.22 *cpe:2.3:a:davidgarlitz:viala:*:*:*:*:*:wordpress:*:* versions up to (including) 1.3.1 *cpe:2.3:a:deothemes:arendelle:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.1.13 *cpe:2.3:a:deothemes:everse:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.4 *cpe:2.3:a:deothemes:nokke:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.4 *cpe:2.3:a:dotecsa:ilex:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.4.2 *cpe:2.3:a:dotecsa:viburno:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.3.2 *cpe:2.3:a:fredriksoerlie:ultralight:*:*:*:*:*:wordpress:*:* versions up to (including) 1.2 *cpe:2.3:a:fyrewurks:polka_dots:*:*:*:*:*:wordpress:*:* versions up to (including) 1.2 *cpe:2.3:a:fyrewurks:tiki_time:*:*:*:*:*:wordpress:*:* versions up to (including) 1.3 *cpe:2.3:a:henleythemes:counterpoint:*:*:*:*:*:wordpress:*:* versions up to (including) 1.8.1 *cpe:2.3:a:iznyn:opor_ayam:*:*:*:*:*:wordpress:*:* versions up to (including) 1.8 *cpe:2.3:a:iznyn:purity_of_soul:*:*:*:*:*:wordpress:*:* versions up to (including) 1.9 *cpe:2.3:a:jinwen:js_o3_lite:*:*:*:*:*:wordpress:*:* versions up to (including) 1.5.8.2 *cpe:2.3:a:jinwen:js_paper:*:*:*:*:*:wordpress:*:* versions up to (including) 2.5.7 *cpe:2.3:a:marchettidesign:fullbase:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.1 *cpe:2.3:a:marchettidesign:wlow:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.7 *cpe:2.3:a:omarfolgheraiter:digitally:*:*:*:*:*:wordpress:*:* versions up to (including) 1.0.8 *cpe:2.3:a:saumendra:aapna:*:*:*:*:*:wordpress:*:* versions up to (including) 1.3 *cpe:2.3:a:saumendra:anand:*:*:*:*:*:wordpress:*:* versions up to (including) 1.2 *cpe:2.3:a:ta2g:tantyyellow:*:*:*:*:*:wordpress:*:* versions up to (including) 1.0.0.5 *cpe:2.3:a:themeinprogress:bazaar_lite:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.8.6 *cpe:2.3:a:themeinprogress:looki_lite:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.3.0 *cpe:2.3:a:themeinprogress:saul:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.1.0 *cpe:2.3:a:themeinprogress:saul_lite:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.4.6 *cpe:2.3:a:themeinprogress:venice_lite:*:*:*:*:*:wordpress:*:* versions up to (including) 1.5.5 *cpe:2.3:a:thewebhunter:anfaust:*:*:*:*:*:wordpress:*:* versions up to (including) 1.1 *cpe:2.3:a:thewebhunter:offset_writing:*:*:*:*:*:wordpress:*:* versions up to (including) 1.2 *cpe:2.3:a:thriveweb:pinzolo:*:*:*:*:*:wordpress:*:* versions up to (excluding) 1.2.10 *cpe:2.3:a:tijaji:tijaji:*:*:*:*:*:wordpress:*:* versions up to (including) 1.43 *cpe:2.3:a:wpmole:tydskrif:*:*:*:*:*:wordpress:*:* versions up to (including) 1.1.3 *cpe:2.3:a:yws:bunnypress_lite:*:*:*:*:*:wordpress:*:* versions up to (including) 2.1
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-2813 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-2813
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
0.15 }} 0.00%
score
0.51165
percentile