daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-0653.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-02-28 16:13:26 -05:00
parent 48713e4d81
commit 746893454c
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cves/2022/CVE-2022-0653.yaml
View File

@ -1,13 +1,17 @@
id: CVE-2022-0653
info:
name: Wordpress Profile Builder Plugin XSS
name: Wordpress Profile Builder Plugin Cross-Site Scripting
author: dhiyaneshDk
severity: medium
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0653
- https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/
tags: cve,cve2022,wordpress,xss,wp-plugin
description: "The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.\n\n"
description: "The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.\n\n."
remediation: Upgrade to version 3.6.5 or later.
classification:
cve-id: CVE-2022-0653
requests:
- method: GET
@ -29,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/02/28