2 matches found
CVE-2023-0099
CVE-2023-0099 impacts the Simple URLs WordPress plugin prior to 115, which does not sufficiently sanitise/escape certain parameters before echoing them, enabling Reflected Cross-Site Scripting. The vulnerability can affect high-privilege users (e.g., admins) by crafting malicious links; CVSS v3.1...
CVE-2023-0098
CVE-2023-0098 – Simple URLs WordPress plugin : A SQL injection exists in versions prior to 115 due to unescaped input in AJAX actions accessible to any authenticated user (e.g., subscribers). This can allow low-privilege users to influence SQL statements. The issue is mitigated by upgrading to ve...