Search
Find a vulnerability
Search criteria
2 vulnerabilities found for WassUp Real Time Analytics by Unknown
CVE-2023-5653 (GCVE-0-2023-5653)
Vulnerability from nvd – Published: 2023-11-27 16:22 – Updated: 2024-08-02 08:07
VLAI
Title
WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS
Summary
The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/76316621-1987-44… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WassUp Real Time Analytics |
Affected:
0 , ≤ 1.9.4.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/76316621-1987-44ea-83e5-6ca884bdd1c0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "affected",
"product": "WassUp Real Time Analytics",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.9.4.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T16:22:01.293Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/76316621-1987-44ea-83e5-6ca884bdd1c0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WassUp Real Time Analytics \u003c= 1.9.4.5 - Unauthenticated Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-5653",
"datePublished": "2023-11-27T16:22:01.293Z",
"dateReserved": "2023-10-19T11:49:37.990Z",
"dateUpdated": "2024-08-02T08:07:32.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5653 (GCVE-0-2023-5653)
Vulnerability from cvelistv5 – Published: 2023-11-27 16:22 – Updated: 2024-08-02 08:07
VLAI
Title
WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS
Summary
The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/76316621-1987-44… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | WassUp Real Time Analytics |
Affected:
0 , ≤ 1.9.4.5
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/76316621-1987-44ea-83e5-6ca884bdd1c0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "affected",
"product": "WassUp Real Time Analytics",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.9.4.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-27T16:22:01.293Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/76316621-1987-44ea-83e5-6ca884bdd1c0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WassUp Real Time Analytics \u003c= 1.9.4.5 - Unauthenticated Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-5653",
"datePublished": "2023-11-27T16:22:01.293Z",
"dateReserved": "2023-10-19T11:49:37.990Z",
"dateUpdated": "2024-08-02T08:07:32.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}