Vulnerability Name:

CVE-2023-32515 (CCN-255894)

Assigned:2023-05-10
Published:2023-05-10
Updated:2023-05-25
Summary:
CVSS v3 Severity:5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Multiple_Instances
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:Cross-Site Scripting
References:Source: MITRE
Type: CNA
CVE-2023-32515

Source: XF
Type: UNKNOWN
customfield-cve202332515-xss(255894)

Source: CCN
Type: Patchstack Vulnerability Database
WordPress Custom Field Suite Plugin <= 2.6.2.1 is vulnerable to Cross Site Scripting (XSS)

Source: CCN
Type: WordPress Plugin Directory
Custom Field Suite

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:custom_field_suite_project:custom_field_suite:2.5.14:*:*:*:*:wordpress:*:*
  • AND
  • cpe:/a:wordpress:wordpress:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    custom_field_suite_project custom field suite 2.5.14
    wordpress wordpress -