CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-2272

The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Exploit prediction scoring system (EPSS) score

EPSS Score 0.111

EPSS Ranking 93.2%

CVSS Severity

CVSS v3 Score 6.1

References

https://wpscan.com/vulnerability/dba60216-2753-40b7-8f2b-6caeba684b2e
https://wpscan.com/vulnerability/dba60216-2753-40b7-8f2b-6caeba684b2e

Products affected by CVE-2023-2272

Tiempo » Tiempo » Version: Any

cpe:2.3:a:tiempo:tiempo:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2272

Products

Pricing

Contact Us