CVE-2023-2009

Name of the Vulnerable Software and Affected Versions Pretty Url WordPress plugin versions 1.5.4 and earlier

Description The issue arises from the plugin's failure to sanitize and escape the URL field in its settings, potentially allowing high-privilege users to perform Stored Cross-Site Scripting attacks. This vulnerability can be exploited even when the unfiltered html capability is disallowed, such as in a multisite setup.

Recommendations For versions 1.5.4 and earlier, as a temporary workaround, consider disabling the URL field in the plugin settings until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the URL field in the affected plugin settings until the issue is resolved.