cbcvebase.
CVE-2023-1119
published 2023-07-10


Priority: P179
Severity: medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Flags: ITW EXPLOIT, VulnCheck KEV (Exploited in the wild)
EPSS: 1.10% (61.5th percentile)
The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability.

Affected (4 ranges)

Vendor                 Product        Version range         Fixed in
linux                  linux_kernel   >= 5.18.0 < 6.1.47    6.1.47
linux                  linux_kernel   >= 6.2.0 < 6.4.12     6.4.12
srbtranslatin_project  srbtranslatin  < 2.4                 2.4
updraftplus            wp-optimize    < 3.2.13              3.2.13

Detection & IOCs (extracted from sources)

url: alert%28document.domain%29
  • HTTP response body contains both 'alert(document.domain)' and 'Search' strings simultaneously, indicating reflected XSS payload execution in WP-Optimize or SrbTransLatin plugin
  • Response Content-Type must be text/html for the XSS to be relevant
  • HTTP 200 status code is expected in a successful XSS probe response
  • The vulnerability arises from a third-party library that removes escaping on some HTML characters, enabling XSS in WP-Optimize before 3.2.13 and SrbTransLatin before 2.4.1
  • The Nuclei template digest/signature is present, indicating this is a signed detection template; tampering with the template would invalidate the signature

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     6.1    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck           6.1    MEDIUM