WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-30868
7.1 HIGH
Summary
The Jon Christopher CMS Tree Page View Plugin, specifically versions 1.6.7 and earlier, is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability that permits unauthenticated attackers to inject malicious scripts into web pages viewed by users. This flaw can lead to various security risks, including session hijacking and redirection to malicious websites, posing a significant threat to WordPress sites utilizing this plugin.
Affected Version(s)
CMS Tree Page View <= 1.6.7
References
EPSS Score
51% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
LEE SE HYOUNG (Patchstack Alliance)