CVE-2023-1119
MEDIUM EXPLOITED NUCLEISrbTransLatin < 2.4 - Cross-Site Scripting via Third-Party Library
Title source: llmExploitation Summary
CVE-2023-1119 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability.
Nuclei Templates (1)
WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting
MEDIUMVERIFIEDby ritikchaddha
FOFA:
body="/wp-content/plugins/wp-optimize"
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/2e78735a-a7fc-41fe-8284-45bf451eff06
Scores
CVSS v3
6.1
EPSS
0.0110
EPSS Percentile
61.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2023-07-04
Status
published
Products (2)
srbtranslatin_project/srbtranslatin
< 2.4
updraftplus/wp-optimize
< 3.2.13
Published
Jul 10, 2023
Tracked Since
Feb 18, 2026