WordPress Responsive Column Widgets Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-47520

7.1HIGH

Key Information:

Vendor: WordPress
Status: Responsive Column Widgets
Vendor: CVE Published:; 14 November 2023

Summary

The Responsive Column Widgets plugin by Michael Uno is susceptible to an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability. This flaw exists in versions prior to 1.2.7, allowing attackers to execute arbitrary JavaScript in the context of the user's browser. Such an exploitation could lead to unauthorized actions being performed on behalf of the user and potentially compromise the security of affected WordPress sites.

Affected Version(s)

Responsive Column Widgets <= 1.2.7

References

https://patchstack.com/database/vulnerability/responsive-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Nov 6, 2023

Credit

Le Ngoc Anh (Patchstack Alliance)