5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-1069

GHSA ID

GHSA-7j4m-f87g-5r9r

EPSS Score

0.3556%

CWE

CWE-79

Published

3/27/2023

Updated

3/31/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-1069

CVE-2023-1069: Complianz WordPress plugin vulnerable to cross-site scripting

The Complianz Premium WordPress plugin before 6.4.2 did not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-1069

CVE-2023-1069:

5.4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-1069

GHSA ID

GHSA-7j4m-f87g-5r9r

EPSS Score

0.3556%

CWE

CWE-79

Published

3/27/2023

Updated

3/31/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
really-simple-plugins/complianz-gdpr	composer	< 6.4.2	6.4.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows critical security fixes:- In class-document.php, added sanitize_text_field() and esc_html() for shortcode text attributes- Implemented esc_attr() for service/category in JS/HTML contexts- In functions.php, added sanitize_text_field() for revocation textThese fixes directly correlate to unescaped output of user-controlled shortcode attributes in three main functions. The vulnerability pattern matches WordPress shortcode XSS where attributes are reflected without proper sanitization/escaping. The pre-patch code lacked these security measures, making these functions clear injection points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-1069: Complianz WordPress plugin vulnerable to cross-site scripting

CVE-2023-1069:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

5.4

5.4

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-1069: Complianz WordPress plugin vulnerable to cross-site scripting

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI