CVE-2023-0448

Summary

The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/aWP Helper Lite Wordpress PluginAll versions prior to version 4.3affected

Weaknesses

  • Reflected Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References