Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562310127363HistoryMar 14, 2023 - 12:00 a.m.
WordPress Font Awesome Plugin < 4.3.2 XSS Vulnerability
2023-03-1400:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
2
wordpress
font awesome
xss
vulnerability
unvalidated attributes
unescaped attributes
update
version 4.3.2
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.4%
The WordPress plugin
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:fontawesome:font_awesome";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.127363");
script_version("2023-10-13T16:09:03+0000");
script_tag(name:"last_modification", value:"2023-10-13 16:09:03 +0000 (Fri, 13 Oct 2023)");
script_tag(name:"creation_date", value:"2023-03-14 06:49:13 +0000 (Tue, 14 Mar 2023)");
script_tag(name:"cvss_base", value:"5.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-01-25 14:46:00 +0000 (Wed, 25 Jan 2023)");
script_cve_id("CVE-2022-4478");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("WordPress Font Awesome Plugin < 4.3.2 XSS Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_wordpress_plugin_http_detect.nasl");
script_mandatory_keys("wordpress/plugin/font-awesome/detected");
script_tag(name:"summary", value:"The WordPress plugin 'Font Awesome' is prone to a
cross-site scripting (XSS) vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The plugin does not validate and escapes some of its shortcode
attributes before outputting them back in the page.");
script_tag(name:"affected", value:"WordPress Font Awesome prior to version 4.3.2.");
script_tag(name:"solution", value:"Update to version 4.3.2 or later.");
script_xref(name:"URL", value:"https://wpscan.com/vulnerability/4de75de5-e557-46df-9675-e3f0220f4003");
exit(0);
}
include( "host_details.inc" );
include( "version_func.inc" );
if( ! port = get_app_port( cpe: CPE ) )
exit( 0 );
if( ! infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_is_less( version: version, test_version: "4.3.2" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "4.3.2", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
exit( 99 );
Related
wpvulndb
wpvulndb
Font Awesome < 4.3.2 - Contributor+ Stored XSS
2022-12-22 00:00:00
cve
cve
CVE-2022-4478
2023-01-16 16:15:12
cvelist
cvelist
CVE-2022-4478 Font Awesome < 4.3.2 - Contributor+ Stored XSS
2023-01-16 15:37:57
nvd
nvd
CVE-2022-4478
2023-01-16 16:15:12
wpexploit
wpexploit
Font Awesome < 4.3.2 - Contributor+ Stored XSS
2022-12-22 00:00:00
prion
prion
Cross site scripting
2023-01-16 16:15:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
25.4%
Related for OPENVAS:1361412562310127363