CVE-2023-0448

State: PUBLISHED · Published: 2023-01-24 · Updated: 2025-04-02 · Assigner: tenable

Description

The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

n/a / WP Helper Lite Wordpress Plugin — v=All versions prior to version 4.3 [affected]

CVSS

(none)

References

https://www.tenable.com/security/research/tra-2023-3

Source

cvelistV5-main/cves/2023/0xxx/CVE-2023-0448.json