CVE-2023-7230

{"id": "CVE-2023-7230", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-05-15T20:15:30.757", "references": [{"url": "https://wpscan.com/vulnerability/402e428b-f966-4a36-ace0-d0ded9410b1d/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The illi Link Party! WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks."}, {"lang": "es", "value": "El complemento illi Link Party! de WordPress, hasta la versi\u00f3n 1.0, no depura ni escapa algunos par\u00e1metros, lo que podr\u00eda permitir que usuarios con un rol tan bajo como administrador realicen ataques de Cross-Site Scripting."}], "lastModified": "2025-05-27T20:02:38.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:evanliewer:illi_link_party\\!:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C78FD2BD-2F50-47B9-ABE7-2A110B5C3AB9", "versionEndIncluding": "1.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}