Vulnerability Details : CVE-2023-0420
Potential exploit
The Custom Post Type and Taxonomy GUI Manager WordPress plugin through version 1.1 has no CSRF protection on its settings handling, and some parameters are neither sanitised on input nor escaped on output. An attacker can therefore use CSRF to make a logged-in administrator store Cross-Site Scripting payloads in the plugin's settings.
Vulnerability categories: Cross-site scripting (XSS); Cross-site request forgery (CSRF)
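The two handler patterns behind the description above, a settings save that verifies no nonce and stores the raw request value, beside its hardened counterpart, as an added PHP illustration. This is not code from the Custom Post Type and Taxonomy GUI Manager plugin: the hook name `cptgm_demo_save`, the option `cptgm_demo_label`, the page slug and the `label` field are hypothetical, chosen only to show the vulnerability class the advisory names.

```php
<?php
/*
 * Added illustration of the CSRF + stored XSS class described for CVE-2023-0420.
 * Not the plugin's own code: hook names, option names and the "label" field
 * are hypothetical.
 */

// --- Vulnerable pattern: capability check only. No nonce check on save, no
// sanitising of the submitted value, no escaping when it is rendered.
// A cross-site form auto-submitted from an admin's browser is accepted as-is.
function cptgm_demo_save_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    // Missing check_admin_referer(): any site can forge this POST (CSRF).
    // Raw request value stored: no sanitising.
    update_option( 'cptgm_demo_label', $_POST['label'] );
    wp_safe_redirect( admin_url( 'admin.php?page=cptgm-demo' ) );
    exit;
}

function cptgm_demo_render_vulnerable() {
    // Stored value echoed unescaped into admin HTML: stored XSS for every admin
    // who opens the settings page.
    echo '<input name="label" value="' . get_option( 'cptgm_demo_label' ) . '">';
}

// --- Hardened pattern: capability check + nonce on save, sanitise on input,
// escape on output.
function cptgm_demo_save_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    // wp_die()s unless the request carries a valid nonce for this action; a
    // forged cross-site form cannot supply one.
    check_admin_referer( 'cptgm_demo_save', '_wpnonce' );

    $label = isset( $_POST['label'] )
        ? sanitize_text_field( wp_unslash( $_POST['label'] ) )
        : '';
    update_option( 'cptgm_demo_label', $label );

    wp_safe_redirect( admin_url( 'admin.php?page=cptgm-demo' ) );
    exit;
}

function cptgm_demo_render_fixed() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="cptgm_demo_save">';
    // Emits the hidden _wpnonce field that check_admin_referer() expects.
    wp_nonce_field( 'cptgm_demo_save', '_wpnonce' );
    // Escaped on output even though it was sanitised on input: defence in depth.
    echo '<input name="label" value="' . esc_attr( get_option( 'cptgm_demo_label', '' ) ) . '">';
    echo '<button type="submit">Save</button></form>';
}

// admin-post.php dispatches to admin_post_{action}; wire up the hardened handler.
add_action( 'admin_post_cptgm_demo_save', 'cptgm_demo_save_fixed' );
```

When triaging a plugin for this class, the quick check is to locate every handler that writes options or posts (`update_option`, `wp_insert_post`, `$wpdb->update`) and confirm each one is preceded by `check_admin_referer()` or `wp_verify_nonce()` and that the values it stores are passed through a `sanitize_*` function on the way in and an `esc_*` function on the way out. The CVSS vector below (PR:H, UI:R) reflects that the payload only lands when an administrator is lured into submitting the forged request.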
Products affected by CVE-2023-0420
- Custom Post Type And Taxonomy Gui Manager Project » Custom Post Type And Taxonomy Gui Manager » For Wordpress
  Versions up to, including, (<=) 1.1
  CPE: cpe:2.3:a:custom_post_type_and_taxonomy_gui_manager_project:custom_post_type_and_taxonomy_gui_manager:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0420
EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~23% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2023-0420
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-04 |
4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 | NIST | |
References for CVE-2023-0420
- https://wpscan.com/vulnerability/266e417f-ece7-4ff5-a724-4d9c8e2f3faa (Exploit; Third Party Advisory)