CVE-2022-0653
Published 2022-02-24
Priority P2 · 79 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 2.70% (84.1th percentile)
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 3.6.1.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cozmoslabs | profile_builder | <= 3.6.1 | — |
| cozmoslabs | profile_builder_user_profile_user_registration_forms | 3.6.1 – 3.6.1 | — |
Detection & IOCs (extracted from sources)
URL: /wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=javascript:alert(document.domain);&message=Not+Found&site_name=404
- Send a GET request to the vulnerable endpoint with a javascript: URI in the site_url parameter; a 200 response with 'here' in the body and Content-Type: text/html confirms exploitability.
- Look for unsanitized reflection of the site_url parameter in the HTTP response body of fallback-page.php; the word 'here' appearing as a hyperlink anchor text indicates the payload is embedded.
- The vulnerability is a reflected XSS in the ~/assets/misc/fallback-page.php file via the site_url parameter; monitor HTTP access logs for requests to this path containing javascript: or other XSS payloads in the site_url query parameter.
- Vulnerability affects Profile Builder plugin versions up to and including 3.6.1 only; patched in version 3.6.5 or later.
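The access-log check described in the list above, as an added example (not part of the original page or of any vendor rule). It assumes combined-format web server logs; the function names are hypothetical and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET = "/assets/misc/fallback-page.php"   # path named in the advisory
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SAFE_SCHEMES = {"http", "https"}            # assumption: site_url should be a web URL

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2022:10:00:00 +0000] "GET /wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=javascript:alert(document.domain);&message=Not+Found&site_name=404 HTTP/1.1" 200 512',
    '192.0.2.11 - - [24/Feb/2022:10:00:05 +0000] "GET /wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=https%3A%2F%2Fexample.com%2F&message=Not+Found HTTP/1.1" 200 498',
    '198.51.100.7 - - [24/Feb/2022:10:01:00 +0000] "GET /wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=JaVaScRiPt%3Aalert(1) HTTP/1.1" 200 470',
    '192.0.2.12 - - [24/Feb/2022:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
]

def decode_fully(value, rounds=3):
    for _ in range(rounds):                 # bounded, undoes repeated percent-encoding
        value = unquote(value)
    return value

def classify_site_url(raw):
    """Return a reason string if the site_url value looks like injection, else None."""
    value = decode_fully(raw)
    # Normalise before matching: drop whitespace/control characters, ignore case.
    compact = re.sub(r"[\x00-\x20]+", "", value).lower()
    m = re.match(r"([a-z][a-z0-9+.\-]*):", compact)
    if m and m.group(1) not in SAFE_SCHEMES:
        return f"non-http scheme '{m.group(1)}:'"
    if re.search(r"[<>\"']", value):
        return "markup characters in value"
    return None

def scan(lines):
    """Return (line_no, client, reason) for suspicious requests to fallback-page.php."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        if not unquote(parts.path).lower().endswith(TARGET):
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get("site_url", []):
            reason = classify_site_url(raw)
            if reason:
                findings.append((n, line.split()[0], reason))
    return findings

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A schemeless `host:port` value would also be reported as a non-http scheme, so treat hits as leads to review rather than confirmed exploitation.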
CVSS provenance
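| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | | 6.1 | MEDIUM | |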
GHSA
GHSA-h98h-3vj4-grgq · CVE-2022-0653 [MEDIUM] CWE-79
ghsa_unreviewed · 2022-02-25
VulnCheck
cozmoslabs profile_builder Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2022 · CVSS 6.1
CVE-2022-0653 [MEDIUM]
Affected: cozmoslabs profile_builder
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articl
No detection rules found.
Nuclei
Wordpress Profile Builder Plugin Cross-Site Scripting
nuclei · CVSS 6.1
CVE-2022-0653 [MEDIUM]
The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file, which allows attackers to inject arbitrary web scripts onto a page that execute whenever a user clicks on a link specially crafted by an attacker. This affects versions up to and including 3.6.1.
Template:
```yaml
id: CVE-2022-0653
info:
  name: Wordpress Profile Builder Plugin Cross-Site Scripting
  author: dhiyaneshDk
  severity: medium
  description: |
    The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization o
```
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2655168%40profile-builder&new=2655168%40profile-builder&sfp_email=&sfph_mail=
- https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/