CVE-2023-4294
Published: 11 September 2023
Summary
CVE-2023-4294 is a medium-severity vulnerability (weakness type unspecified in this record) in Kaizencoders Url Shortify. Its CVSS base score is 6.1 (Medium).
Operationally, it ranks in the top 3.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
The URL Shortify WordPress plugin before version 1.7.6 contains a reflected cross-site scripting vulnerability caused by insufficient escaping of the HTTP Referer header value. The flaw lies in the plugin's handling of short-link statistics and affects any site running the vulnerable component: the header is attacker-controlled and reaches the administrative interface without any authentication being required.
An unauthenticated remote attacker can supply a crafted Referer header when accessing a short link; the value is later rendered on the plugin's statistics page, where the injected JavaScript executes in the browser of the administrator viewing it. Successful exploitation yields limited control over the admin interface, such as the ability to read or modify data displayed within the plugin's scope. This matches the reported CVSS 6.1 rating, which reflects a network attack vector, low attack complexity, and required user interaction (an administrator must open the statistics page).
The referenced WPScan advisory identifies the issue and notes that it is resolved in version 1.7.6. The associated EPSS score peaked at 0.3641 and currently stands at 0.2975, indicating sustained moderate exploitation interest following public disclosure.
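The defensive point in the analysis above is output encoding: a Referer value must be treated as untrusted text when it is written into the statistics page. The following is an added illustration, not the plugin's code; the function names and the sample click records are hypothetical, and plain `htmlspecialchars()` stands in for the `esc_html()` a WordPress plugin would use so the snippet runs stand-alone.

```php
<?php
// Added example (not the plugin's own code). Names are hypothetical.

// Constructed sample of what a short-link click log might hold. The
// Referer header is chosen by the visitor, so it can contain any bytes,
// including HTML markup.
$sample_clicks = [
    ['short' => 'abc12', 'referer' => 'https://example.com/page'],
    ['short' => 'abc12', 'referer' => 'https://example.net/?q=<b>not-a-link</b>'],
    ['short' => 'abc12', 'referer' => ''],
];

// Vulnerable pattern: the stored header is concatenated into HTML as-is,
// so any markup it carries is interpreted by the administrator's browser.
function render_referer_unescaped(array $click): string {
    return '<td>' . $click['referer'] . '</td>';
}

// Hardened pattern: encode for the HTML text context at the point of output.
// In WordPress this would be esc_html($referer); htmlspecialchars() is used
// here only so the example runs without WordPress loaded.
function render_referer_escaped(array $click): string {
    $referer = $click['referer'] === '' ? '(direct)' : $click['referer'];
    return '<td>' . htmlspecialchars($referer, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// Defence in depth at storage time: cap the length and keep only values
// that parse as http(s) URLs. This reduces what reaches the table but does
// not replace output encoding, which is the control that fixes the bug.
function sanitize_referer_for_storage(string $raw): string {
    $raw = substr($raw, 0, 2048);
    $scheme = parse_url($raw, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '';
    }
    return $raw;
}

foreach ($sample_clicks as $click) {
    $stored = ['referer' => sanitize_referer_for_storage($click['referer'])];
    echo render_referer_escaped($stored), PHP_EOL;
}
```

Running it prints the second row with `&lt;b&gt;not-a-link&lt;/b&gt;` rather than live markup, which is the behaviour the 1.7.6 fix restores for the statistics panel.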
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-54165
Vulnerability details
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.