Vulnerability in Simple Urls
CVE-2023-0099
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS: 0.701 (98.7th percentile) — read the EPSS interpretation.
Affected products
- Unknown Simple Urls — versions 0
Public proof-of-concept exploits
References
- wpscan.com/vulnerability/fd50f2d6-e420-4220-b485-73f33227e8f8 (exploit, vdb-entry, technical-description)
- packetstormsecurity.com/files/176983/WordPress-Simple-URLs-Cross-Site-Scripting…
Frequently asked questions
- What is CVE-2023-0099?
- CVE-2023-0099 is a vulnerability in Simple Urls, classified under CWE-79 CROSS-SITE SCRIPTING (XSS). Published 2023-02-13.
- Is CVE-2023-0099 known to be exploited?
- 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.