Vulnerabilities > Pretty URL Project > Pretty URL
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-15 | CVE-2023-2009 | Cross-site Scripting vulnerability in Pretty URL Project Pretty URL Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |