CVE-2023-2813

Public Exploit
Multiple Themes - Reflected XSS

Description

The Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, and Wlow WordPress theme before 1.2.7 all suffer from the same issue: the search box reflects the results, causing XSS, which allows an unauthenticated attacker to exploit users if they click a malicious link.

CVSS 3.1: 6.1
Severity: Medium
EPSS: 1.66% (Top 20%)
Third-Party Advisory wpscan.com
Affected: Unknown Aapna
Affected: Unknown Anand
Affected: Unknown Anfaust
Affected: Unknown Arendelle
Affected: Unknown Atlast Business
Affected: Unknown Bazaar Lite
Affected: Unknown Brain Power
Affected: Unknown BunnyPressLite
Affected: Unknown Cafe Bistro
Affected: Unknown College
Affected: Unknown Connections Reloaded
Affected: Unknown Counterpoint
Affected: Unknown Digitally
Affected: Unknown Directory
Affected: Unknown Drop
Affected: Unknown Everse
Affected: Unknown Fashionable Store
Affected: Unknown Fullbase
Affected: Unknown Ilex
Affected: Unknown Js O3 Lite
Affected: Unknown Js Paper
Affected: Unknown Kata
Affected: Unknown Kata App
Affected: Unknown Kata Business
Affected: Unknown Looki Lite
Affected: Unknown moseter
Affected: Unknown Nokke
Affected: Unknown Nothing Personal
Affected: Unknown Offset Writing
Affected: Unknown Opor Ayam
Affected: Unknown Pinzolo
Affected: Unknown Plato
Affected: Unknown Polka Dots
Affected: Unknown Purity Of Soul
Affected: Unknown Restaurant PT
Affected: Unknown Saul
Affected: Unknown Sean Lite
Affected: Unknown Tantyyellow
Affected: Unknown TIJAJI
Affected: Unknown Tiki Time
Affected: Unknown Tuaug4
Affected: Unknown Tydskrif
Affected: Unknown UltraLight
Affected: Unknown Venice Lite
Affected: Unknown Viala
Affected: Unknown viburno
Affected: Unknown Wedding Bride
Affected: Unknown Wlow

References

Link: https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5
Tags: exploit, vdb entry, third party advisory, technical description

Frequently Asked Questions

What is the severity of CVE-2023-2813?
CVE-2023-2813 has been scored as a medium severity vulnerability.
How to fix CVE-2023-2813?
To fix CVE-2023-2813, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2023-2813 being actively exploited in the wild?
It is possible that CVE-2023-2813 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-2813?
CVE-2023-2813 affects Unknown Aapna, Unknown Anand, Unknown Anfaust, Unknown Arendelle, Unknown Atlast Business, Unknown Bazaar Lite, Unknown Brain Power, Unknown BunnyPressLite, Unknown Cafe Bistro, Unknown College, Unknown Connections Reloaded, Unknown Counterpoint, Unknown Digitally, Unknown Directory, Unknown Drop, Unknown Everse, Unknown Fashionable Store, Unknown Fullbase, Unknown Ilex, Unknown Js O3 Lite, Unknown Js Paper, Unknown Kata, Unknown Kata App, Unknown Kata Business, Unknown Looki Lite, Unknown moseter, Unknown Nokke, Unknown Nothing Personal, Unknown Offset Writing, Unknown Opor Ayam, Unknown Pinzolo, Unknown Plato, Unknown Polka Dots, Unknown Purity Of Soul, Unknown Restaurant PT, Unknown Saul, Unknown Sean Lite, Unknown Tantyyellow, Unknown TIJAJI, Unknown Tiki Time, Unknown Tuaug4, Unknown Tydskrif, Unknown UltraLight, Unknown Venice Lite, Unknown Viala, Unknown viburno, Unknown Wedding Bride, Unknown Wlow.