cvedb.io
CVE-2023-0098
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2023-02-13T15:15:20.577 · Last modified 2026-06-17T05:24:46.710

Summary

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber.

Affected products

getlasso — simple_urls

Does this affect you?

Add your gear to cvedb and we'll alert you only when getlasso ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.