Vulnerability Details CVE-2023-0420
The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.2%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2023-0420
-
Custom Post Type And Taxonomy Gui Manager Project » Custom Post Type And Taxonomy Gui Manager » Version: N/Acpe:2.3:a:custom_post_type_and_taxonomy_gui_manager_project:custom_post_type_and_taxonomy_gui_manager:-
-
Custom Post Type And Taxonomy Gui Manager Project » Custom Post Type And Taxonomy Gui Manager » Version: 1.1cpe:2.3:a:custom_post_type_and_taxonomy_gui_manager_project:custom_post_type_and_taxonomy_gui_manager:1.1