WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-47773

7.1HIGH

Key Information:

Vendor: WordPress
Status: Permalinks Customizer
Vendor: CVE Published:; 22 November 2023

What is CVE-2023-47773?

A cross-site scripting vulnerability exists in the YAS Global Team Permalinks Customizer plugin, affecting versions up to 2.8.2. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, which could lead to session hijacking, defacement of web pages, or redirecting users to malicious sites. Proper input validation and sanitization are crucial to mitigate these types of security risks.

Affected Version(s)

Permalinks Customizer <= 2.8.2

References

https://patchstack.com/database/vulnerability/permalinks-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2023
Vulnerability Reserved
Nov 9, 2023

Credit

Le Ngoc Anh (Patchstack Alliance)

CVE-2023-47773 Data

JSON