CVE-2023-0520 — MEDIUM (5.4)

Q: How severe is CVE-2023-0520?

CVE-2023-0520 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-0520?

Check the references section above for vendor advisories and patch information. Affected products include: Rapidexp Rapidexpcart.

Vulnerability Description

The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection means an attacker can trick a logged in admin to perform the attack by submitting a hidden form.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Rapidexp	Rapidexpcart	<= 1.0

References

FAQ

What is CVE-2023-0520?

CVE-2023-0520 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cros...

How severe is CVE-2023-0520?

CVE-2023-0520 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-0520?

Check the references section above for vendor advisories and patch information. Affected products include: Rapidexp Rapidexpcart.