CVE-2023-0099
published 2023-02-13


Priority: P3 (35)
Severity: medium, CVSS 3.1 base score 6.1
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.73% (74.7th percentile)
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Affected

1 range

Vendor: getlasso
Product: simple_urls
Version range: < 115
Fixed in: 115

Detection & IOCs (extracted from sources)

  • The reflected XSS payload is triggered via unsanitized parameters echoed back in page output; monitor HTTP responses from Simple URLs plugin pages for unescaped user-supplied input reflected in the body, particularly parameters associated with 'search_term'.
  • Attacks are likely targeted at high-privilege users (e.g., admin); look for suspicious requests to Simple URLs plugin pages originating from or delivered to admin-level sessions.
  • The Sigma rule digest for this detection is 4b0a004830460221008d1325b4bc2e95c13fd20a942410e19469c088b14f254097c9363981fecc3640022100fcea4021a4fc5c733db9a42c93d612de7b40dad1160623463aed52cc7f0168b2 (namespace 922c64590222798bb761d5b6d8e72950); use this to verify rule integrity.
  • The vulnerability affects Simple URLs WordPress plugin versions before 115 only; ensure version scoping is applied when deploying detections to avoid false positives on patched installations.