CVSS 3.1 Score 5.4 of 10 (medium)


Published Dec 21, 2023
Updated: Dec 29, 2023


CVE-2023-47527 is a vulnerability categorized as CWE-79 (Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting) that affects the WP Edit Username plugin version 1.0.5 and earlier. This vulnerability allows for stored cross-site scripting attacks. The affected products include t9y8aA, t9y8Z7, t9y8Z8, t9y8Z9, t9y8Z-, and t9y8Z_. The base severity of this vulnerability is rated as MEDIUM, with a base score of 5.4 according to NIST's National Vulnerability Database (NVD). The exploitability score is 2.3, indicating a moderate level of difficulty for attackers to exploit the vulnerability. The potential danger to organizations lies in the fact that it requires low privileges and user interaction to be exploited over a network, which can lead to compromised integrity and confidentiality of data. Remediation measures should focus on updating WP Edit Username to a version beyond 1.0.5 or implementing fixes provided by the plugin developer.

Note: The paragraph above is generated using the information from the given text while avoiding plagiarism by rephrasing and condensing the content into concise sentences.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-47527 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options