HTTP: WordPress Ketchup Restaurant Reservations Plugin Data Cross-Site Scripting

This signature detects attempts to exploit a known cross-site scripting vulnerability in the Ketchup Restaurant Reservations plugin for WordPress. The vulnerability is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Extended Description

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against a logged-in admin who views the malicious reservation.

Affected Products

Ketchup_restaurant_reservations_project ketchup_restaurant_reservations

References

CVE: CVE-2022-2753

Short Name: HTTP:XSS:WP-KETCHUP-PLUGIN-XSS
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2022-2753 Cross-Site Data Ketchup Plugin Reservations Restaurant Scripting WordPress
Release Date: 10/17/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3537
False Positive: Unknown
Vendors

Ketchup_restaurant_reservations_project
