Vulnerability Details CVE-2023-0099
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.514
EPSS Ranking 97.8%
CVSS Severity
CVSS v3 Score 6.1
References
- http://packetstormsecurity.com/files/176983/WordPress-Simple-URLs-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/fd50f2d6-e420-4220-b485-73f33227e8f8
- http://packetstormsecurity.com/files/176983/WordPress-Simple-URLs-Cross-Site-Scripting.html
- https://wpscan.com/vulnerability/fd50f2d6-e420-4220-b485-73f33227e8f8
Products affected by CVE-2023-0099
-
cpe:2.3:a:getlasso:simple_urls:-
-
cpe:2.3:a:getlasso:simple_urls:0.9
-
cpe:2.3:a:getlasso:simple_urls:0.9.1
-
cpe:2.3:a:getlasso:simple_urls:0.9.2
-
cpe:2.3:a:getlasso:simple_urls:0.9.3
-
cpe:2.3:a:getlasso:simple_urls:0.9.4
-
cpe:2.3:a:getlasso:simple_urls:0.9.5
-
cpe:2.3:a:getlasso:simple_urls:0.9.6
-
cpe:2.3:a:getlasso:simple_urls:0.9.7
-
cpe:2.3:a:getlasso:simple_urls:0.9.8
-
cpe:2.3:a:getlasso:simple_urls:0.9.9
-
cpe:2.3:a:getlasso:simple_urls:104
-
cpe:2.3:a:getlasso:simple_urls:105
-
cpe:2.3:a:getlasso:simple_urls:106
-
cpe:2.3:a:getlasso:simple_urls:107
-
cpe:2.3:a:getlasso:simple_urls:108
-
cpe:2.3:a:getlasso:simple_urls:109
-
cpe:2.3:a:getlasso:simple_urls:110
-
cpe:2.3:a:getlasso:simple_urls:111
-
cpe:2.3:a:getlasso:simple_urls:112
-
cpe:2.3:a:getlasso:simple_urls:113
-
cpe:2.3:a:getlasso:simple_urls:114