CVE-2023-2009
CVSS 3.1 Score 4.4 of 10 (medium)
Details
Published May 15, 2023
Updated: Jan 14, 2025
CWE ID 61
Summary
CVE-2023-2009 is a vulnerability affecting the Pretty Url plugin for WordPress up to version 1.5.4. This issue permits high-privileage users to execute Stored Cross-Site Scripting attacks, despite the unfiltered_html capability being denied. The plugin fails to sanitize and escape URL fields, making it susceptible to malicious input. In multisite setups, this can lead to serious security implications.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share