-/10CrowdSec Score
Pretty Url - XSS (CVE-2023-2009)
Published on15-05-2023
First seen on01-01-1970
CVSS 4.8/10N/a - Pretty Url
0Exploiting IPs reported
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.