Fix: CVE-2022-4321 (#8330)

* Fix: CVE-2022-4321 * added metadata --------- Co-authored-by: rivers <[email protected]> Co-authored-by: sandeep <[email protected]>
projectdiscovery · Oct 8, 2023 · aea032a · aea032a
1 parent 6b3707c
commit aea032a
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/http/cves/2022/CVE-2022-4321.yaml b/http/cves/2022/CVE-2022-4321.yaml
@@ -2,7 +2,7 @@ id: CVE-2022-4321
 
 info:
   name: PDF Generator for WordPress < 1.1.2 - Cross Site Scripting
-  author: r3Y3r53
+  author: r3Y3r53,HuTa0
   severity: medium
   description: |
     The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin
@@ -25,6 +25,7 @@ info:
     vendor: wpswings
     product: pdf_generator_for_wordpress
     framework: wordpress
+    publicwww-query: "/wp-content/plugins/pdf-generator-for-wp"
   tags: cve,cve2022,wpscan,wordpress,wp,wp-plugin,xss,pdf-generator-for-wp
 
 http:
@@ -39,6 +40,7 @@ http:
         words:
           - '><script>alert(document.domain)</script>'
           - 'pdf-generator-for-wp'
+          - 'Total execution time is'
         condition: and
 
       - type: word