CVE-2023-0420
Published: 24 April 2023
Summary
CVE-2023-0420 is a medium-severity an unspecified weakness vulnerability in Custom Post Type And Taxonomy Gui Manager Project Custom Post Type And Taxonomy Gui Manager. Its CVSS base score is 4.8 (Medium).
Operationally, ranked at the 35.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12477
Vulnerability details
The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads…
more
via CSRF
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.