QID 730906

Date Published: 2023-09-18

QID 730906: WordPress Plugin Simple URLs Reflected Cross-Site Scripting (XSS) Vulnerability

Simple URLs is a WordPress plugin that will help you create beautiful product displays, find new opportunities, and easily manage your essential links in an affiliate dashboard.

CVE-2023-0099: WordPress plugin Simple URLs versions before 115 does not sanitize and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting vulnerability.

Affected Versions:
WordPress Plugin Simple URLs versions prior to 115

QID Detection Logic:
This unauthenticated detection checks for installed vulnerable version by executing Cross-Site Scripting (XSS) POC.

Successful exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary JavaScript code on the targeted users browser.

CVSS V3 rated as High - 6.1 severity.

CVSS V2 rated as High - 6.4 severity.

Solution

Customers are advised to upgrade to Simple URLs 115 or later version to remediate this vulnerability.

Vendor References

Simple URLs Plugin Release Notes - wordpress.org/plugins/simple-urls/#developers

CVEs related to QID 730906

CVE-2023-0099 |

Software Advisories

Advisory ID	Software	Component	Link
Simple URLs Plugin Release Notes			wordpress.org/plugins/simple-urls/#developers

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].