Gravity Forms DPS PxPay Plugin cross site scripting
CVE-2015-10117

3.5LOW

Key Information:

Vendor
Wordpress
Status
Gravity Forms Dps Pxpay Plugin
Vendor
CVE Published:
6 June 2023

Summary

A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664.

Affected Version(s)

Gravity Forms DPS PxPay Plugin 1.4.0

Gravity Forms DPS PxPay Plugin 1.4.1

Gravity Forms DPS PxPay Plugin 1.4.2

References

https://vuldb.com/?id.230664
vdb-entrytechnical-description
https://vuldb.com/?ctiid.230664
signaturepermissions-required
https://github.com/wp-plugins/gravity-forms-dps-pxpay/com...
patch

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.