WordPress Atarim Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-37393
7.1HIGH
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 4 September 2023
Summary
The Atarim Visual Website Collaboration plugin for WordPress has a vulnerability that permits authenticated users with administrative privileges to execute stored cross-site scripting (XSS) attacks. This flaw exists in versions 3.9.3 and earlier, potentially allowing the injection of malicious scripts that could compromise user data and site integrity.
Affected Version(s)
Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.9.3
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Robert DeVore (Patchstack Alliance)