Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "WordPress Knews Multilingual Newsletters 1.1.0 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the WordPress Knews Multilingual Newsletters plugin version 1.1.0. This vulnerability allows an attacker to execute arbitrary scripts in the browser of an unsuspecting user. The severity of this vulnerability is classified as high, with a CVSS score of 7.2.
The original author of this module is daffainfo.
If exploited, this cross-site scripting vulnerability can lead to various malicious activities, such as stealing sensitive user information, manipulating website content, or performing unauthorized actions on behalf of the user.
The module works by sending a specific HTTP request to the targeted WordPress Knews Multilingual Newsletters plugin. The request path includes a parameter that contains a malicious script encoded as HTML entities. The module then checks the response to see if the script is executed and if the response header indicates a content type of "text/html" with a status code of 200.
Here is an example of the HTTP request sent by the module:
GET /wp-content/plugins/knews/wysiwyg/fontpicker/?ff=</script><script>alert(document.domain)</script> HTTP/1.1
The module uses the following matching conditions to determine if the vulnerability is present:
- The response body contains the string "</script><script>alert(document.domain)</script>" - The response header includes the content type "text/html" - The response status code is 200If all of these conditions are met, the module reports the vulnerability.