Cyber Resilience

CVE-2023-0420

MediumPublic PoC

Published: 24 April 2023

Published
24 April 2023
Modified
04 February 2025
KEV Added
Patch
CVSS Score v3.1 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS Score 0.0015 35.8th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-0420 is a medium-severity an unspecified weakness vulnerability in Custom Post Type And Taxonomy Gui Manager Project Custom Post Type And Taxonomy Gui Manager. Its CVSS base score is 4.8 (Medium).

Operationally, ranked at the 35.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads…

more

via CSRF

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

custom post type and taxonomy gui manager project
custom post type and taxonomy gui manager
≤ 1.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References