CVE-2023-3169 - Vulnerability Details - OpenCVE

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Tagdiv	Tagdiv Composer

Configuration 1 [-]

cpe:2.3:a:tagdiv:tagdiv_composer:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5

History

Thu, 26 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:tagdiv:tagdiv_composer::::::::
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-09-11T19:46:07.392Z

Updated: 2024-09-26T15:51:45.513Z

Reserved: 2023-06-08T18:39:59.929Z

Link: CVE-2023-3169

Vulnrichment

Updated: 2024-08-02T06:48:07.816Z

NVD

Status : Modified

Published: 2023-09-11T20:15:09.713

Modified: 2024-11-21T08:16:36.763

Link: CVE-2023-3169

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3169", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-06-08T18:39:59.929Z", "datePublished": "2023-09-11T19:46:07.392Z", "dateUpdated": "2024-09-26T15:51:45.513Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-09-11T19:46:07.392Z"}, "title": "tagDiv Composer < 4.2 - Unauthenticated Stored XSS", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "tagDiv Composer", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThan": "4.2"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks."}], "references": [{"url": "https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Truoc Phan", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.816Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}, {"affected": [{"vendor": "tagdiv", "product": "tagdiv_composer", "cpes": ["cpe:2.3:a:tagdiv:tagdiv_composer:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.2", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T15:47:26.962586Z", "id": "CVE-2023-3169", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T15:51:45.513Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.816Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-3169", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T15:47:26.962586Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tagdiv:tagdiv_composer:*:*:*:*:*:*:*:*"], "vendor": "tagdiv", "product": "tagdiv_composer", "versions": [{"status": "affected", "version": "0", "lessThan": "4.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T15:51:36.564Z"}}], "cna": {"title": "tagDiv Composer < 4.2 - Unauthenticated Stored XSS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Truoc Phan"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "tagDiv Composer", "versions": [{"status": "affected", "version": "0", "lessThan": "4.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-79 Cross-Site Scripting (XSS)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-09-11T19:46:07.392Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3169", "state": "PUBLISHED", "dateUpdated": "2024-09-26T15:51:45.513Z", "dateReserved": "2023-06-08T18:39:59.929Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2023-09-11T19:46:07.392Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tagdiv:tagdiv_composer:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "65BDC14B-C5F8-4FF8-BA2E-0ABC417537EA", "versionEndExcluding": "4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks."}, {"lang": "es", "value": "El complemento de WordPress tagDiv Composer anterior a 4.2, utilizado como complemento de los temas Newspaper y Newsmag de tagDiv, no tiene autorizaci\u00f3n en una ruta REST y no valida ni escapa algunos par\u00e1metros al devolverlos, lo que podr\u00eda permitir a usuarios no autenticados realizar ataques de Cross-Site Scripting almacenado."}], "id": "CVE-2023-3169", "lastModified": "2024-11-21T08:16:36.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-09-11T20:15:09.713", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified"}