CVE-2023-3118

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 61.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Export ALL Urls Atlasgondal Export ALL Urls

Timeline

PublishedJul 10

Description

The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/export_all_urls< 4.6

▶NVDatlasgondal/export_all_urls< 4.6

🔴Vulnerability Details

GHSA

GHSA-x682-h73h-4x67: The Export All URLs WordPress plugin before 4↗2023-07-10

▶

CVEList

Export All URLs < 4.6 - Reflected XSS↗2023-07-10

▶