CVE-2023-23677 WordPress GTmetrix for WordPress Plugin <= 0.4.5 is vulnerable to Cross Site Scripting (XSS)

🗓️ 30 Mar 2023 10:58:00Reported by PatchstackType

WordPress GTmetrix Plugin XSS Vulnerabilit

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2023-23677	30 Mar 202320:57	–	circl
CNNVD	WordPress plugin GTmetrix for WordPress 跨站脚本漏洞	30 Mar 202300:00	–	cnnvd
CVE	CVE-2023-23677	30 Mar 202310:58	–	cve
EUVD	EUVD-2023-27764	3 Oct 202520:07	–	euvd
NVD	CVE-2023-23677	30 Mar 202311:15	–	nvd
OSV	CVE-2023-23677	30 Mar 202311:15	–	osv
Patchstack	WordPress GTmetrix for WordPress Plugin <= 0.4.5 is vulnerable to Cross Site Scripting (XSS)	2 Mar 202300:00	–	patchstack
Prion	Cross site scripting	30 Mar 202311:15	–	prion
Positive Technologies	PT-2023-19120 · Gtmetrix · Gtmetrix For Wordpress	30 Mar 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-23677	23 May 202505:11	–	redhatcve

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "gtmetrix-for-wordpress",
    "product": "GTmetrix for WordPress",
    "vendor": "GTmetrix",
    "versions": [
      {
        "changes": [
          {
            "at": "0.4.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "0.4.5",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/gtmetrix-for-wordpress/wordpress-gtmetrix-for-wordpress-plugin-0-4-5-cross-site-scripting-xss-vulnerability

28 Apr 2026 16:08Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.13.8

EPSS0.00196

CWE-79