Published: 13/02/2023 Updated: 05/02/2024

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 0

The Simple URLs WordPress plugin prior to 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Vulnerable Product	Search on Vulmon	Subscribe to Product
getlasso simple urls

WordPress Simple URLs plugin versions prior to 115 suffer from a cross site scripting vulnerability ...

simple urls < 115 - Reflected XSS

CVE-2023-0099-exploit Exploit Title: simple urls < 115 - Reflected XSS Google Dork: Exploit Author: AmirZargham Vendor Homepage: getlassoco/ Software Link: wordpressorg/plugins/simple-urls/ Version: < 115 Tested on: firefox,chrome CVE: CVE-2023-0099 CWE: CWE-79 Platform: MULTIPLE Type: WebApps Description The Simple URLs WordPress plugin before 1

https://wpscan.com/vulnerability/fd50f2d6-e420-4220-b485-73f33227e8f8 http://packetstormsecurity.com/files/176983/WordPress-Simple-URLs-Cross-Site-Scripting.html https://nvd.nist.gov https://github.com/amirzargham/CVE-2023-0099-exploit https://packetstormsecurity.com/files/176983/WordPress-Simple-URLs-Cross-Site-Scripting.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-0099

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect