CVE-2022-4321
Published 2023-02-06
Priority: P333 | Severity: medium | CVSS 3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.19% (64.1th percentile)
The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpswings | pdf_generator_for_wordpress | < 1.1.2 | 1.1.2 |
No detection rules found.
Nuclei
PDF Generator for WordPress < 1.1.2 - Cross Site Scripting
nuclei·CVSS 6.1
CVE-2022-4321 [MEDIUM] PDF Generator for WordPress < 1.1.2 - Cross Site Scripting
PDF Generator for WordPress alert(document.domain)'
```yaml
matchers-condition: and
matchers:
  - type: word
    part: body
    words:
      - '>alert(document.domain)'
      - 'pdf-generator-for-wp'
      - 'Total execution time is'
    condition: and

  - type: word
    part: header
    words:
      - "text/html"

  - type: status
    status:
      - 200
# digest: 490a0046304402204c6d07e708322bb7e79561928d6f3a4ca2c8b26ec4360f13701212701241d2b90220594dc0fb8ba2f9c7028d01ebb4062e7a5894908366f516d8eee36c7e8f8cf24f:922c64590222798bb761d5b6d8e72950
```
Published: 2023-02-06