CVE-2020-8799

{"id": "CVE-2020-8799", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2020-05-05T16:15:11.663", "references": [{"url": "https://wordpress.org/plugins/wti-like-post/#developers", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wpvulndb.com/vulnerabilities/10210", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wordpress.org/plugins/wti-like-post/#developers", "tags": ["Product", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wpvulndb.com/vulnerabilities/10210", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de tipo XSS Almacenado en la p\u00e1gina de administraci\u00f3n del plugin WTI Like Post versiones hasta 1.4.5 para WordPress. Una vez que el administrador ha enviado los datos, el script almacenado es ejecutado para todos los usuarios que visitan el sitio web."}], "lastModified": "2024-11-21T05:39:27.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webtechideas:wti_like_post:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "981B7D7C-4E00-4159-A1DF-F507097010D8", "versionEndIncluding": "1.4.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}