Cross-Site Scripting (XSS) Vulnerability in WoodMart
CVE-2023-25790

5.3MEDIUM

Key Information:

Vendor

WordPress
Status
Woodmart
Vendor
CVE Published:
24 April 2024

What is CVE-2023-25790?

The vulnerability in Xtemos WoodMart theme for WordPress arises from improper authentication and the inadequate neutralization of user input during web page generation. This can result in a Cross-Site Scripting (XSS) attack, where an attacker could execute arbitrary scripts in the context of the user’s browser. Such an attack may allow adversaries to steal sensitive information, hijack user sessions, or redirect users to malicious sites. All versions of WoodMart from n/a up to and including 7.0.4 are impacted, posing significant risks to affected WordPress installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WoodMart <= 7.0.4

References

https://patchstack.com/database/vulnerability/woodmart/wo...
vdb-entry

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

FearZzZz (Patchstack Alliance)
JSON
.