阿里云漏洞库

漏洞描述

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	ajaydsouza	connections_reloaded	*		Up to (including) 3.1
	运行在以下环境
	应用	archimidismertzanos	atlast_business	*		Up to (including) 1.5.8.5
	运行在以下环境
	应用	archimidismertzanos	fashionable_store	*		Up to (including) 1.3.4
	运行在以下环境
	应用	archimidismertzanos	nothing_personal	*		Up to (including) 1.0.7
	运行在以下环境
	应用	arthousewebdesign	brain_power	*		Up to (including) 1.2
	运行在以下环境
	应用	asmedia	moseter	*		Up to (including) 1.3.1
	运行在以下环境
	应用	asmedia	tuaug4	*		Up to (including) 1.4
	运行在以下环境
	应用	ayecode	cafe_bistro	*		Up to (excluding) 1.1.4
	运行在以下环境
	应用	ayecode	college	*		Up to (excluding) 1.5.1
	运行在以下环境
	应用	ayecode	directory	*		Up to (excluding) 3.0.2
	运行在以下环境
	应用	ayecode	plato	*		Up to (excluding) 1.1.9
	运行在以下环境
	应用	ayecode	restaurant_pt	*		Up to (excluding) 1.1.3
	运行在以下环境
	应用	ayecode	wedding_bride	*		Up to (excluding) 1.0.2
	运行在以下环境
	应用	climaxthemes	kata	*		Up to (excluding) 1.2.9
	运行在以下环境
	应用	competethemes	drop	*		Up to (excluding) 1.22
	运行在以下环境
	应用	davidgarlitz	viala	*		Up to (including) 1.3.1
	运行在以下环境
	应用	deothemes	arendelle	*		Up to (excluding) 1.1.13
	运行在以下环境
	应用	deothemes	everse	*		Up to (excluding) 1.2.4
	运行在以下环境
	应用	deothemes	nokke	*		Up to (excluding) 1.2.4
	运行在以下环境
	应用	dotecsa	ilex	*		Up to (excluding) 1.4.2
	运行在以下环境
	应用	dotecsa	viburno	*		Up to (excluding) 1.3.2
	运行在以下环境
	应用	fredriksoerlie	ultralight	*		Up to (including) 1.2
	运行在以下环境
	应用	fyrewurks	polka_dots	*		Up to (including) 1.2
	运行在以下环境
	应用	fyrewurks	tiki_time	*		Up to (including) 1.3
	运行在以下环境
	应用	henleythemes	counterpoint	*		Up to (including) 1.8.1
	运行在以下环境
	应用	iznyn	opor_ayam	*		Up to (including) 1.8
	运行在以下环境
	应用	iznyn	purity_of_soul	*		Up to (including) 1.9
	运行在以下环境
	应用	jinwen	js_o3_lite	*		Up to (including) 1.5.8.2
	运行在以下环境
	应用	jinwen	js_paper	*		Up to (including) 2.5.7
	运行在以下环境
	应用	marchettidesign	fullbase	*		Up to (excluding) 1.2.1
	运行在以下环境
	应用	marchettidesign	wlow	*		Up to (excluding) 1.2.7
	运行在以下环境
应用	omarfolgheraiter	digitally	*		Up to (including) 1.0.8
运行在以下环境
应用	saumendra	aapna	*		Up to (including) 1.3
运行在以下环境
应用	saumendra	anand	*		Up to (including) 1.2
运行在以下环境
应用	ta2g	tantyyellow	*		Up to (including) 1.0.0.5
运行在以下环境
应用	themeinprogress	bazaar_lite	*		Up to (excluding) 1.8.6
运行在以下环境
应用	themeinprogress	looki_lite	*		Up to (excluding) 1.3.0
运行在以下环境
应用	themeinprogress	saul	*		Up to (excluding) 1.1.0
运行在以下环境
应用	themeinprogress	saul_lite	*		Up to (excluding) 1.4.6
运行在以下环境
应用	themeinprogress	venice_lite	*		Up to (including) 1.5.5
运行在以下环境
应用	thewebhunter	anfaust	*		Up to (including) 1.1
运行在以下环境
应用	thewebhunter	offset_writing	*		Up to (including) 1.2
运行在以下环境
应用	thriveweb	pinzolo	*		Up to (excluding) 1.2.10
运行在以下环境
应用	tijaji	tijaji	*		Up to (including) 1.43
运行在以下环境
应用	wpmole	tydskrif	*		Up to (including) 1.1.3
运行在以下环境
应用	yws	bunnypress_lite	*		Up to (including) 2.1

攻击路径

网络
攻击复杂度

低
权限要求

无
影响范围

已更改
用户交互

需要
可用性

无
保密性

低
完整性

低

CWE-ID	漏洞类型
CWE-79	在Web页面生成时对输入的转义处理不恰当（跨站脚本）

多个主题 - 反射型 XSS (CVE-2023-2813)

漏洞描述

解决建议

参考链接

受影响软件情况