CVE-2023-45640 — Cross-site Scripting in WP Ulike Most Advanced Wordpress Marketing Toolkit

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA6.5

EPSS

0.2%

top 60.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Technowich WP Ulike Most Advanced Wordpress Marketing Toolkit Technowich WP Ulike

Timeline

PublishedOct 25

Description

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike – Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8 versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5technowich/wp_ulike_most_advanced_wordpress_marketing_toolkitn/a — 4.6.8

▶NVDtechnowich/wp_ulike4.6.8

🔴Vulnerability Details

GHSA

GHSA-8cc6-rm8x-j43q: Auth↗2023-10-25

▶

CVEList

WordPress WP ULike Plugin <= 4.6.8 is vulnerable to Cross Site Scripting (XSS)↗2023-10-24

▶