PT-2023-21587 · WordPress · Offset Writing+47

Random Robbie · Published 2023-09-04 · Updated 2023-09-15 · CVE-2023-2813

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Aapna WordPress theme versions 1.3 and earlier
Anand WordPress theme versions 1.2 and earlier
Anfaust WordPress theme versions 1.1 and earlier
Arendelle WordPress theme versions prior to 1.1.13
Atlast Business WordPress theme versions 1.5.8.5 and earlier
Bazaar Lite WordPress theme versions prior to 1.8.6
Brain Power WordPress theme versions 1.2 and earlier
BunnyPressLite WordPress theme versions prior to 2.1
Cafe Bistro WordPress theme versions prior to 1.1.4
College WordPress theme versions prior to 1.5.1
Connections Reloaded WordPress theme versions 3.1 and earlier
Counterpoint WordPress theme versions 1.8.1 and earlier
Digitally WordPress theme versions 1.0.8 and earlier
Directory WordPress theme versions prior to 3.0.2
Drop WordPress theme versions prior to 1.22
Everse WordPress theme versions prior to 1.2.4
Fashionable Store WordPress theme versions 1.3.4 and earlier
Fullbase WordPress theme versions prior to 1.2.1
Ilex WordPress theme versions prior to 1.4.2
Js O3 Lite WordPress theme versions 1.5.8.2 and earlier
Js Paper WordPress theme versions 2.5.7 and earlier
Kata WordPress theme versions prior to 1.2.9
Kata App WordPress theme versions 1.0.5 and earlier
Kata Business WordPress theme versions 1.0.2 and earlier
Looki Lite WordPress theme versions prior to 1.3.0
moseter WordPress theme versions 1.3.1 and earlier
Nokke WordPress theme versions prior to 1.2.4
Nothing Personal WordPress theme versions 1.0.7 and earlier
Offset Writing WordPress theme versions 1.2 and earlier
Opor Ayam WordPress theme versions 18 and earlier
Pinzolo WordPress theme versions prior to 1.2.10
Plato WordPress theme versions prior to 1.1.9
Polka Dots WordPress theme versions 1.2 and earlier
Purity Of Soul WordPress theme versions 1.9 and earlier
Restaurant PT WordPress theme versions prior to 1.1.3
Saul WordPress theme versions prior to 1.1.0
Sean Lite WordPress theme versions prior to 1.4.6
Tantyyellow WordPress theme versions 1.0.0.5 and earlier
TIJAJI WordPress theme versions 1.43 and earlier
Tiki Time WordPress theme versions 1.3 and earlier
Tuaug4 WordPress theme versions 1.4 and earlier
Tydskrif WordPress theme versions 1.1.3 and earlier
UltraLight WordPress theme versions 1.2 and earlier
Venice Lite WordPress theme versions prior to 1.5.5
Viala WordPress theme versions 1.3.1 and earlier
viburno WordPress theme versions prior to 1.3.2
Wedding Bride WordPress theme versions prior to 1.0.2
Wlow WordPress theme versions prior to 1.2.7

Description

The search box reflects its input in the results, causing cross-site scripting (XSS). This allows an unauthenticated attacker to exploit the issue against users who click a malicious link.

Recommendations

As a temporary workaround, consider disabling the search box functionality until a patch is available. Restrict access to the search functionality to minimize the risk of exploitation. Avoid using the search box in the affected WordPress themes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-2813

Affected Products

Aapna
Anand
Anfaust
Arendelle
Atlast Business
Bazaar Lite
Brain Power
Bunnypresslite
Cafe Bistro
College
Connections Reloaded
Counterpoint
Digitally
Edirectory
Drop
Everse
Fashionable Store
Fullbase
Ilex
Js O3 Lite
Js Paper
Kata
Kata App
Kata Business
Looki Lite
Nokke
Nothing Personal
Offset Writing
Opor Ayam
Pinzolo
Plato
Polka Dots
Purity Of Soul
Restaurant Pt
Saul
Sean Lite
Tijaji
Tantyyellow
Tiki Time
Tuaug4
Tydskrif
Ultralight
Venice Lite
Viala
Wedding Bride
Wlow
Moseter
Viburno