CVE-2023-0448

MEDIUM NUCLEI

Matbao WP Helper Premium < 4.3 - XSS

Title source: rule

Description

The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.

Nuclei Templates (1)

WP Helper Lite < 4.3 - Cross-Site Scripting

MEDIUMVERIFIEDby ritikchaddha

Shodan: http.html:/wp-content/plugins/wp-helper-lite

FOFA: body=/wp-content/plugins/wp-helper-lite

References (1)

[Exploit, Third Party Advisory] https://www.tenable.com/security/research/tra-2023-3

Scores

CVSS v3 6.1

EPSS 0.2765

EPSS Percentile 96.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

matbao/wp_helper_premium < 4.3

Published Jan 26, 2023

Tracked Since Feb 18, 2026