Themes Vulnerabilities

nsc theme <= 1.0 - Reflected Cross-Site Scripting

Description

The theme does not sufficiently sanitize input or escape output, leading to potential Reflected Cross-Site Scripting via prototype pollution.

Affects Themes

nsc
No known fix

References

CVE
CVE-2023-3965
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5909513d-8877-40ff-bee9-d565141b7ed2

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
longxi
Verified
No
WPVDB ID
c63dd5cd-310a-4b38-8fbe-66c18e92d713

Timeline

Publicly Published
2023-07-26 (about 2 years ago)
Added
2023-11-03 (about 2 years ago)
Last Updated
2023-11-03 (about 2 years ago)

Other

Published
Title
Published
2023-07-12
Title
Media Library Assistant < 3.08 - Reflected Cross-Site Scripting
Published
2024-05-22
Title
WP DSGVO Tools (GDPR) < 3.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2024-04-16
Title
CBX Bookmark & Favorite < 1.7.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-03
Title
WP-tagMaker <= 0.2.2 - Reflected Cross-Site Scripting
Published
2021-01-06
Title
Advanced Custom Fields < 5.8.12 - Cross-Site Scripting in Select2 dropdowns