CVE-2023-1080

MEDIUM NUCLEI

Gnpublisher GN Publisher < 1.5.5 - XSS

Title source: rule

Description

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Nuclei Templates (1)

WordPress GN Publisher <1.5.6 - Cross-Site Scripting
MEDIUMVERIFIEDby r3Y3r53

References (4)

Scores

CVSS v3 6.1
EPSS 0.4466
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
gnpublisher/gn_publisher < 1.5.5
gnpublisher/GN Publisher: Google News Compatible RSS Feeds < 1.5.5
Published Feb 28, 2023
Tracked Since Feb 18, 2026