5 matches found
WP Helper Lite < 4.3 - Cross-Site Scripting
The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. id: CVE-2023-0448 info: name: WP Helper Lite 4.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | T...
CVE-2023-0448
The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability...
WordPress WP Helper Premium Plugin < 4.3 is vulnerable to Cross Site Scripting (XSS)
Software WP Helper Premium Type Plugin Vulnerable versions 4.3 Fixed in 4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0448 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID c74257beed9d Credits Joshua Martinelle Required...
CVE-2023-0448
The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability...
CVE-2023-0448
The CVE-2023-0448 entry concerns the WordPress WP Helper Lite plugin, affected versions prior to 4.3. The issue arises because the plugin returns all GET parameters unsanitized in responses, enabling a reflected cross-site scripting (XSS) vulnerability. Practical impact described across sources i...