CVE-2023-46627

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 8, 2023
Updated: Nov 14, 2023
CWE ID 79

Summary

CVE-2023-46627 is a newly disclosed reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress Simple HTML Sitemap plugin by Ashish Ajani, versions 2.1 and below. The flaw requires no authentication: an attacker can use it to inject malicious scripts into a targeted website, potentially stealing user data or gaining unauthorized access. Exploitation succeeds when a user visits a crafted URL containing the malicious payload. Users are strongly advised to update the plugin to the latest version or, as a temporary measure, deactivate it entirely.
