CVE-2023-30868

HIGH NUCLEI

CMS Tree Page View <= 1.6.7 - Unauthenticated Reflected Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-30868. PoCs published by LEE SE HYOUNG. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in the CMS Tree Page View WordPress plugin (versions <= 1.6.7) via the unsanitized 'post_type' parameter. The PoC provides two payloads for different versions, requiring administrator privileges and specific plugin settings to execute arbitrary JavaScript.

Description

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions.

Exploits (1)

exploitdb WORKING POC
by LEE SE HYOUNG · textwebappsphp
https://www.exploit-db.com/exploits/51507

This exploit demonstrates a reflected XSS vulnerability in the CMS Tree Page View WordPress plugin (versions <= 1.6.7) via the unsanitized 'post_type' parameter. The PoC provides two payloads for different versions, requiring administrator privileges and specific plugin settings to execute arbitrary JavaScript.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: CMS Tree Page View WordPress Plugin <= 1.6.7
Auth required
Prerequisites: Administrator privileges · CMS Tree Page View plugin enabled · 'In menu' option enabled for posts
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Tree Page View Plugin < 1.6.7 - Cross-Site Scripting
MEDIUMVERIFIEDby r3Y3r53

References (2)

Core 2

Scores

CVSS v3 7.1
EPSS 0.0399
EPSS Percentile 89.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
cms_tree_page_view_project/cms_tree_page_view < 1.6.7
Jon Christopher/CMS Tree Page View < 1.6.7
Published May 18, 2023
Tracked Since Feb 18, 2026