CVE-2023-31071: WordPress Modal Dialog Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS)
First published: Thu Aug 17 2023(Updated: )
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.14 versions.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Modal Dialog Project | <=3.5.14 |
Remedy
Update to 3.5.15 or a higher version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-31071.
What is the severity of CVE-2023-31071?
The severity of CVE-2023-31071 is high with a severity value of 6.1.
What is the affected software for CVE-2023-31071?
The affected software for CVE-2023-31071 is Yannick Lefebvre Modal Dialog plugin version <= 3.5.14.
What is the common weakness enumeration (CWE) ID for CVE-2023-31071?
The common weakness enumeration (CWE) ID for CVE-2023-31071 is CWE-79.
How can I fix the vulnerability in Yannick Lefebvre Modal Dialog plugin version <= 3.5.14?
To fix the vulnerability in Yannick Lefebvre Modal Dialog plugin version <= 3.5.14, you should upgrade to a newer version of the plugin that has the security patch applied.
- agent/author
- agent/type
- agent/softwarecombine
- agent/title
- agent/weakness
- agent/severity
- agent/remedy
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/ylefebvre
- canonical/modal dialog project
- version/modal dialog project/3.5.14