Cross-Site Scripting (XSS) Vulnerability in WoodMart
CVE-2023-25790

5.3 MEDIUM

Key Information:

Vendor
WordPress
Status
Vendor
CVE Published: 24 April 2024

Summary

The vulnerability in the Xtemos WoodMart theme for WordPress arises from improper authentication and inadequate neutralization of user input during web page generation. This can result in a Cross-Site Scripting (XSS) attack, in which an attacker executes arbitrary scripts in the context of the user's browser. Such an attack may allow adversaries to steal sensitive information, hijack user sessions, or redirect users to malicious sites. All versions of WoodMart up to and including 7.0.4 are impacted, posing significant risks to affected WordPress installations.

Affected Version(s)

WoodMart <= 7.0.4

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

FearZzZz (Patchstack Alliance)