CVE-2023-0420

Name of the Vulnerable Software and Affected Versions Custom Post Type and Taxonomy GUI Manager WordPress plugin version 1.1

Description The issue is related to the lack of CSRF protection and insufficient sanitizing and escaping of parameters, allowing attackers to make a logged-in admin put Stored Cross-Site Scripting payloads via CSRF. This enables attackers to potentially execute malicious scripts on the site.

Recommendations For version 1.1, consider disabling the plugin until a patch is available to mitigate the risk of Stored Cross-Site Scripting attacks. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin's features that involve user input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.