From aea032a1508e51b7150339c130d9552baa5ea553 Mon Sep 17 00:00:00 2001
From: HuTa0 <67937284+HuTa0kj@users.noreply.github.com>
Date: Sun, 8 Oct 2023 14:26:49 +0800
Subject: [PATCH] Fix: CVE-2022-4321 (#8330)
* Fix: CVE-2022-4321
* added metadata
---------
Co-authored-by: rivers
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
---
 http/cves/2022/CVE-2022-4321.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/http/cves/2022/CVE-2022-4321.yaml b/http/cves/2022/CVE-2022-4321.yaml
index a276895caa4..5918d0eced0 100644
--- a/http/cves/2022/CVE-2022-4321.yaml
+++ b/http/cves/2022/CVE-2022-4321.yaml
@@ -2,7 +2,7 @@ id: CVE-2022-4321
 info:
 name: PDF Generator for WordPress < 1.1.2 - Cross Site Scripting
- author: r3Y3r53
+ author: r3Y3r53,HuTa0
 severity: medium
 description: |
 The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin
@@ -25,6 +25,7 @@ info:
 vendor: wpswings
 product: pdf_generator_for_wordpress
 framework: wordpress
+ publicwww-query: "/wp-content/plugins/pdf-generator-for-wp"
 tags: cve,cve2022,wpscan,wordpress,wp,wp-plugin,xss,pdf-generator-for-wp
 http:
@@ -39,6 +40,7 @@ http:
 words:
 - '>'
 - 'pdf-generator-for-wp'
+ - 'Total execution time is'
 condition: and
 - type: word
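Review bot: The new word `'Total execution time is'` in the third hunk's `words` list is undocumented, and neither the commit title nor the description says which false positive or missed match it addresses. Because the list is evaluated with `condition: and`, this exact, case-sensitive English string becomes a hard requirement, so any build of the plugin that words the line differently will silently stop being reported. I would add a comment above it, for example `# text emitted by the vendored dompdf example page; ties the match to that file` (wording to be confirmed by the author), so a later maintainer knows why it is there and what to re-check when the plugin changes. The matcher block starts above the hunk and the following `- type: word` matcher continues below it, so the `part` being matched and any content-type check are not visible here.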