CVE-2023-51372 - Vulnerability Details - OpenCVE

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS.This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hasthemes	Hashbar

Configuration 1 [-]

cpe:2.3:a:hasthemes:hashbar:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/hashbar-wp-notification-bar/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve

History

Thu, 17 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-12-29T10:52:53.644Z

Updated: 2025-04-17T20:19:13.138Z

Reserved: 2023-12-18T15:51:57.414Z

Link: CVE-2023-51372

Vulnrichment

Updated: 2024-08-02T22:32:10.006Z

NVD

Status : Modified

Published: 2023-12-29T11:15:09.607

Modified: 2024-11-21T08:37:58.473

Link: CVE-2023-51372

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-51372", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-12-18T15:51:57.414Z", "datePublished": "2023-12-29T10:52:53.644Z", "dateUpdated": "2025-04-17T20:19:13.138Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "hashbar-wp-notification-bar", "product": "HashBar \u2013 WordPress Notification Bar", "vendor": "HasThemes", "versions": [{"changes": [{"at": "1.4.2", "status": "unaffected"}], "lessThanOrEqual": "1.4.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "emad (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar \u2013 WordPress Notification Bar allows Stored XSS.<p>This issue affects HashBar \u2013 WordPress Notification Bar: from n/a through 1.4.1.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar \u2013 WordPress Notification Bar allows Stored XSS.This issue affects HashBar \u2013 WordPress Notification Bar: from n/a through 1.4.1.\n\n"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-12-29T10:52:53.644Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/hashbar-wp-notification-bar/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.4.2 or a higher version"}], "value": "Update to\u00a01.4.2 or a higher version"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress HashBar \u2013 WordPress Notification Bar Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:10.006Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/hashbar-wp-notification-bar/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-03T16:04:49.826128Z", "id": "CVE-2023-51372", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T20:19:13.138Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-51372", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-12-18T15:51:57.414Z", "datePublished": "2023-12-29T10:52:53.644Z", "dateUpdated": "2025-04-17T20:19:13.138Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "hashbar-wp-notification-bar", "product": "HashBar \u2013 WordPress Notification Bar", "vendor": "HasThemes", "versions": [{"changes": [{"at": "1.4.2", "status": "unaffected"}], "lessThanOrEqual": "1.4.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "emad (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar \u2013 WordPress Notification Bar allows Stored XSS.<p>This issue affects HashBar \u2013 WordPress Notification Bar: from n/a through 1.4.1.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar \u2013 WordPress Notification Bar allows Stored XSS.This issue affects HashBar \u2013 WordPress Notification Bar: from n/a through 1.4.1.\n\n"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-12-29T10:52:53.644Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/hashbar-wp-notification-bar/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.4.2 or a higher version"}], "value": "Update to\u00a01.4.2 or a higher version"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress HashBar \u2013 WordPress Notification Bar Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:32:10.006Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/hashbar-wp-notification-bar/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-51372", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-03T16:04:49.826128Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T20:19:09.436Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hasthemes:hashbar:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1904F885-4FE7-4347-A07A-8740AB72BBFF", "versionEndIncluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar \u2013 WordPress Notification Bar allows Stored XSS.This issue affects HashBar \u2013 WordPress Notification Bar: from n/a through 1.4.1.\n\n"}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en HasThemes HashBar \u2013 WordPress Notification Bar permite XSS almacenado. Este problema afecta a HashBar \u2013 WordPress Notification Bar: desde n/a hasta 1.4.1."}], "id": "CVE-2023-51372", "lastModified": "2024-11-21T08:37:58.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-29T11:15:09.607", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/hashbar-wp-notification-bar/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/hashbar-wp-notification-bar/wordpress-hashbar-wordpress-notification-bar-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}