CVE-2023-0589
Medium · Public PoC
Published: 27 March 2023
Modified
05 May 2025
KEV Added
—
Patch
—
CVSS Score v3.1
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.0018
39.6th percentile
Risk Priority
11
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2023-0589 is a medium-severity vulnerability (weakness class unspecified) in Wp Image Carousel Project's WP Image Carousel. Its CVSS base score is 5.4 (Medium).
Operationally, it is ranked at the 39.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12629
Vulnerability details
The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
wp image carousel project
wp image carousel
≤ 1.0.2
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.