CVE-2023-0367 Vulnerability Details

  /     /     /  

CVE-2023-0367 Metadata Quick Info

CVE Published: 17/04/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: WPScan | Vendor: Unknown | Product: Pricing Tables For WPBakery Page Builder (formerly Visual Composer)
Status : PUBLISHED

---

CVE-2023-0367 Description

The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-79 Cross-Site Scripting (XSS)
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).