Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for WP Shopping Pages by Unknown

    CVE-2023-3492 (GCVE-0-2023-3492)

    Vulnerability from nvd – Published: 2023-08-07 14:31 – Updated: 2024-08-02 06:55
    VLAI
    Title
    WP Shopping Pages <= 1.14 - Stored XSS via CSRF
    Summary
    The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/01b9b1c2-439e-44… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown WP Shopping Pages Affected: 0 , ≤ 1.14 (custom)
    Create a notification for this product.
    Credits
    Katharina Altmann WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/01b9b1c2-439e-44df-bf01-026cb13d7d40"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "affected",
              "product": "WP Shopping Pages",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Katharina Altmann"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T14:31:19.856Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/01b9b1c2-439e-44df-bf01-026cb13d7d40"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP Shopping Pages \u003c= 1.14 - Stored XSS via CSRF",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-3492",
        "datePublished": "2023-08-07T14:31:19.856Z",
        "dateReserved": "2023-06-30T21:14:26.517Z",
        "dateUpdated": "2024-08-02T06:55:03.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3492 (GCVE-0-2023-3492)

    Vulnerability from cvelistv5 – Published: 2023-08-07 14:31 – Updated: 2024-08-02 06:55
    VLAI
    Title
    WP Shopping Pages <= 1.14 - Stored XSS via CSRF
    Summary
    The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/01b9b1c2-439e-44… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown WP Shopping Pages Affected: 0 , ≤ 1.14 (custom)
    Create a notification for this product.
    Credits
    Katharina Altmann WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/01b9b1c2-439e-44df-bf01-026cb13d7d40"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "affected",
              "product": "WP Shopping Pages",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Katharina Altmann"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T14:31:19.856Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/01b9b1c2-439e-44df-bf01-026cb13d7d40"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP Shopping Pages \u003c= 1.14 - Stored XSS via CSRF",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-3492",
        "datePublished": "2023-08-07T14:31:19.856Z",
        "dateReserved": "2023-06-30T21:14:26.517Z",
        "dateUpdated": "2024-08-02T06:55:03.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }