The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2023-3 | Exploit Third Party Advisory |
Configurations
Information
Published : 2023-01-26 13:18
Updated : 2023-02-01 08:03
NVD link : CVE-2023-0448
Mitre link : CVE-2023-0448
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
matbao
- wp_helper_premium