Medium severity4.8NVD Advisory· Published Dec 4, 2023· Updated Jun 17, 2026
CVE-2023-5137
CVE-2023-5137
Description
The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Simply Excerptsdescription
- Range: <=1.4
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/79b79e9c-ea4f-4188-a1b5-61dda0b5d434nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.