CVE-2022-0653 - OpenCVE

The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cozmoslabs	Profile Builder

Configuration 1 [-]

cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2655168%40profile-builder&new=2655168%40profile-builder&sfp_email=&sfph_mail=	Patch Third Party Advisory
https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-02-24T18:27:05

Updated: 2022-02-24T18:27:05

Reserved: 2022-02-16T00:00:00

Link: CVE-2022-0653

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-24T19:15:09.910

Modified: 2022-03-03T21:14:23.913

Link: CVE-2022-0653

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Profile Builder \u2013 User Profile & User Registration Forms", "vendor": "Cozmoslabs", "versions": [{"lessThanOrEqual": "3.6.1", "status": "affected", "version": "3.6.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chloe Chamberland, Wordfence"}], "descriptions": [{"lang": "en", "value": "The Profile Builder \u2013 User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-24T18:27:05", "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/"}, {"tags": ["x_refsource_MISC"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2655168%40profile-builder&new=2655168%40profile-builder&sfp_email=&sfph_mail="}], "solutions": [{"lang": "en", "value": "Update to version 3.6.2, or newer."}], "source": {"discovery": "INTERNAL"}, "title": "Profile Builder \u2013 User Profile & User Registration Forms <= 3.6.1 Reflected Cross-Site Scripting", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "Wordfence", "ASSIGNER": "security@wordfence.com", "ID": "CVE-2022-0653", "STATE": "PUBLIC", "TITLE": "Profile Builder \u2013 User Profile & User Registration Forms <= 3.6.1 Reflected Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Profile Builder \u2013 User Profile & User Registration Forms", "version": {"version_data": [{"version_affected": "<=", "version_name": "3.6.1", "version_value": "3.6.1"}]}}]}, "vendor_name": "Cozmoslabs"}]}}, "credit": [{"lang": "eng", "value": "Chloe Chamberland, Wordfence"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Profile Builder \u2013 User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/", "refsource": "MISC", "url": "https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/"}, {"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2655168%40profile-builder&new=2655168%40profile-builder&sfp_email=&sfph_mail=", "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2655168%40profile-builder&new=2655168%40profile-builder&sfp_email=&sfph_mail="}]}, "solution": [{"lang": "en", "value": "Update to version 3.6.2, or newer."}], "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2022-0653", "datePublished": "2022-02-24T18:27:05", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2022-02-24T18:27:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2F9F7C87-4329-4B36-85D8-6C262DFBA4E6", "versionEndIncluding": "3.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Profile Builder \u2013 User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1."}, {"lang": "es", "value": "El plugin Profile Builder - User Profile & User Registration Forms de WordPress es vulnerable a un ataque de tipo Cross-Site Scripting debido a un escape y saneo insuficientes del par\u00e1metro site_url encontrado en el archivo ~/assets/misc/fallback-page.php que permite a atacantes inyectar scripts web arbitrarios en una p\u00e1gina que es ejecutado cada vez que un usuario hace clic en un enlace especialmente dise\u00f1ado por un atacante. Esto afecta a versiones hasta 3.6.1 incluy\u00e9ndola"}], "id": "CVE-2022-0653", "lastModified": "2022-03-03T21:14:23.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2022-02-24T19:15:09.910", "references": [{"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2655168%40profile-builder&new=2655168%40profile-builder&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wordfence.com/blog/2022/02/reflected-cross-site-scripting-vulnerability-patched-in-wordpress-profile-builder-plugin/"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}