PT-2023-5574 · WordPress · Simple Urls

Published: 2023-02-13 · Updated: 2024-02-05 · CVE-2023-0099

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Simple URLs WordPress plugin versions prior to 115
Description: The plugin does not sanitize and escape some parameters before outputting them back in some pages, so the structure of the generated web page is not protected against injected markup. This can lead to Reflected Cross-Site Scripting, which could be used against high-privilege users such as administrators.
Recommendations: For Simple URLs WordPress plugin versions prior to 115, update to version 115 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation. Avoid using the vulnerable plugin until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-06225
CVE-2023-0099

Affected Products

Simple Urls