Vulnerability CVE-2023-0099


Published: 2023-02-13

Description:
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Wordpress simple urls Plugin < 115 XSS
AmirZargham
15.02.2024

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://wpscan.com/vulnerability/fd50f2d6-e420-4220-b485-73f33227e8f8

Copyright 2024, cxsecurity.com

 

Back to Top