Vulnerabilities > CVE-2023-1403 - Unspecified vulnerability in Weavertheme Weaver Xtreme Theme 5.0.7

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

weavertheme

NVD

Published: 2023-06-09

Updated: 2023-11-07

Summary

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vulnerable Configurations

Part	Description	Count
Application	Weavertheme Weavertheme Weaver Xtreme Theme 5.0.7	1

References

https://themes.trac.wordpress.org/browser/weaver-xtreme/5.0.7/includes/lib-content.php#L1081
https://www.wordfence.com/threat-intel/vulnerabilities/id/5b2bef63-c871-45e4-bb05-12bbba20ca5e?source=cve