Vulnerability Details CVE-2023-3708
Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v3 Score 6.1
References
- https://deothemes.com/changelog/medikaid-changelog/
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196755%40nokke&new=196755%40nokke&sfp_email=&sfph_mail=
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196756%40arendelle&new=196756%40arendelle&sfp_email=&sfph_mail=
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196757%40amela&new=196757%40amela&sfp_email=&sfph_mail=
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196758%40everse&new=196758%40everse&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8b0f14-f31a-45cd-bb98-0b717059aa80?source=cve
- https://deothemes.com/changelog/medikaid-changelog/
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196755%40nokke&new=196755%40nokke&sfp_email=&sfph_mail=
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196756%40arendelle&new=196756%40arendelle&sfp_email=&sfph_mail=
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196757%40amela&new=196757%40amela&sfp_email=&sfph_mail=
- https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=196758%40everse&new=196758%40everse&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8b0f14-f31a-45cd-bb98-0b717059aa80?source=cve
Products affected by CVE-2023-3708
-
cpe:2.3:a:deothemes:medikaid:1.0
-
cpe:2.3:a:deothemes:medikaid:1.0.1
-
cpe:2.3:a:deothemes:medikaid:1.0.10
-
cpe:2.3:a:deothemes:medikaid:1.0.11
-
cpe:2.3:a:deothemes:medikaid:1.0.12
-
cpe:2.3:a:deothemes:medikaid:1.0.13
-
cpe:2.3:a:deothemes:medikaid:1.0.14
-
cpe:2.3:a:deothemes:medikaid:1.0.15
-
cpe:2.3:a:deothemes:medikaid:1.0.2
-
cpe:2.3:a:deothemes:medikaid:1.0.3
-
cpe:2.3:a:deothemes:medikaid:1.0.4
-
cpe:2.3:a:deothemes:medikaid:1.0.5
-
cpe:2.3:a:deothemes:medikaid:1.0.6
-
cpe:2.3:a:deothemes:medikaid:1.0.7
-
cpe:2.3:a:deothemes:medikaid:1.0.8
-
cpe:2.3:a:deothemes:medikaid:1.0.9
-
cpe:2.3:a:deothemes:medikaid:1.1
-
cpe:2.3:a:deothemes:medikaid:1.1.1
-
cpe:2.3:a:deothemes:medikaid:1.1.2