Added wp-html-mail-xss template

2022-01-21 17:21:33 +00:00 · 2022-01-21 17:21:33 +00:00 · d24e32dbcd
parent 8a3e575e9f
commit d24e32dbcd
1 changed files with 29 additions and 0 deletions
--- a/vulnerabilities/wordpress/wp-html-mail-xss.yaml
+++ b/vulnerabilities/wordpress/wp-html-mail-xss.yaml
@ -0,0 +1,29 @@
+id: wp-html-mail-xss
+
+info:
+  name: HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting (XSS)
+  author: hexcat
+  severity: high
+  description: >
+    WordPress Email Template Designer – WP HTML Mail allows stored XSS through
+    an unprotected REST-API endpoint (CVE-2022-0218).
+  reference: https://www.wordfence.com/blog/2022/01/unauthenticated-xss-vulnerability-patched-in-html-email-template-designer-plugin/
+  tags: wordpress,wp-plugin,xss
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?rest_route=/whm/v3/themesettings"
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "application/json"
+        part: header
+      - type: word
+        words:
+          - "footer"
+        part: body