CVE-2023-0448

Name of the Vulnerable Software and Affected Versions WP Helper Lite versions prior to 4.3

Description The issue arises from the plugin returning all GET parameters unsanitized in the response, leading to a reflected cross-site scripting vulnerability. This can be exploited by a remote attacker to conduct an inter-site scripting attack, potentially allowing them to inject malicious scripts into websites.

Recommendations For versions prior to 4.3, update to version 4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality until a patch is applied. Avoid using the plugin with unsanitized GET parameters in the response until the issue is resolved.