WP Helper Lite < 4.3 - Cross-Site Scripting

The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. id: CVE-2023-0448 info: name: WP Helper Lite 4.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | T...

The vulnerability of the WP Helper Lite plugin of the WordPress content management system arises from the lack of measures taken to protect the website’s structure. This allows attackers to carry out XSS attacks.

The vulnerability of the WP Helper Lite plugin of the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

Cross site scripting

The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability...

WordPress plugin WP Helper Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-0448

The CVE-2023-0448 entry concerns the WordPress WP Helper Lite plugin, affected versions prior to 4.3. The issue arises because the plugin returns all GET parameters unsanitized in responses, enabling a reflected cross-site scripting (XSS) vulnerability. Practical impact described across sources i...

CVE-2023-0448

The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability...