Hub Appsec rule

More info

vpatch-CVE-2023-6000 AppSec Rule

« vpatch-CVE-2023-6000 »
v0.1 by crowdsecurity
AppSec rule

Detects unauthenticated stored XSS in WordPress Popup Builder plugin via sgpb-WillOpen parameter.

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2023-6000

YAML Configuration

1## autogenerated on 2025-09-24 14:14:58
2name: crowdsecurity/vpatch-CVE-2023-6000
3description: 'Detects unauthenticated stored XSS in WordPress Popup Builder plugin via sgpb-WillOpen parameter.'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10        match:
11          type: contains
12          value: /
13      - zones:
14          - BODY_ARGS
15        variables:
16          - sgpb-willopen
17        transform:
18          - lowercase
19          - urldecode
20        match:
21          type: contains
22          value: "<"
23      - zones:
24          - BODY_ARGS
25        variables:
26          - sgpb-is-preview
27        transform:
28          - lowercase
29          - urldecode
30        match:
31          type: contains
32          value: "1"
33
34labels:
35  type: exploit
36  service: http
37  confidence: 3
38  spoofable: 0
39  behavior: 'http:exploit'
40  label: 'WordPress Popup Builder - XSS'
41  classification:
42    - cve.CVE-2023-6000
43    - attack.T1059
44    - cwe.CWE-79
45

Hub Appsec rule

« vpatch-CVE-2023-6000 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2023-6000 »
v0.1 by crowdsecurity
AppSec rule