Cross Site Scripting Vulnerability in SoftradeWeb SNC WP SMART CRM Plugin
CVE-2020-25375

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Smart Crm \& Invoices
Vendor: CVE Published:; 14 September 2020

Summary

The SoftradeWeb SNC WP SMART CRM Plugin version 1.8.7 for WordPress contains a Cross Site Scripting vulnerability that can be exploited through various input fields including Business Name, Tax Code, First Name, Address, Town, Phone, Mobile, Place of Birth, Web Site, VAT Number, Last Name, Fax, Email, and Skype. This flaw can allow attackers to inject malicious scripts into web pages viewed by users, compromising user data and potentially leading to further attacks.

References

https://zeroaptitude.com/misha/wordpress-plugin-bug-hunti...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 14, 2020
Vulnerability Reserved
Sep 14, 2020