Vulnerabilities > Pretty URL Project

DATE CVE VULNERABILITY TITLE RISK
2023-05-15 CVE-2023-2009 Cross-site Scripting vulnerability in Pretty URL Project Pretty URL
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
pretty-url-project CWE-79
4.8