CVE-2023-2813

Summary

CVE-2023-2813 affects multiple WordPress themes, including Aapna, Anand, Anfaust, Arendelle, Atlast Business, Bazaar Lite, Brain Power, BunnyPressLite, Cafe Bistro, College, Connections Reloaded, Counterpoint, Digitally, Directory, Drop, Everse, Fashionable Store, Fullbase, Ilex, Js O3 Lite, Js Paper, Kata, Kata App, Kata Business, Looki Lite, moseter, Nokke, Nothing Personal, Offset Writing, Opor Ayam, Pinzolo, Plato, Polka Dots, Purity Of Soul, Restaurant PT, Saul, Sean Lite, Tantyyellow, TIJAJI, Tiki Time, Tuaug4, UltraLight, Venice Lite, Viala, and viburno. These themes have a vulnerability in their search box that reflects the search results, making users susceptible to XSS attacks. Unauthenticated attackers can exploit this issue by creating malicious links, causing users to click on them and be infected with malware or have their sessions hijacked. Users are advised to update their themes to the latest versions to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.