
[webapps] WordPress File Upload Plugin < 4.23.3 - Stored XSS

source link: https://www.exploit-db.com/exploits/51899

EDB-ID: 51899
Platform: PHP
Date: 2024-03-18

Exploit Title: WordPress File Upload < 4.23.3 Stored XSS (CVE 2023-4811)
Date: 18 December 2023
Exploit Author: Faiyaz Ahmad
Vendor Homepage: https://wordpress.com/
Version: 4.23.3
CVE : CVE 2023-4811

Proof Of Concept:

1. Log in to the WordPress account.

2. Add the following shortcode to a post in "File Upload Plugin":

[wordpress_file_upload redirect="true" redirectlink="*javascript:alert(1)*"]

3. Upload any file on the resulting post.
4. After the upload completes, you will see the XSS alert in the browser.
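
For defenders, the following added example (not part of the original advisory and not the plugin's code) audits stored post content for wordpress_file_upload shortcodes whose redirectlink names any scheme other than http or https. It assumes post content has been exported as (post_id, post_content) pairs; the function names and sample posts are constructed for illustration.

```python
import html
import re

SHORTCODE = re.compile(r"\[wordpress_file_upload\b([^\]]*)\]", re.I)
# Shortcode attributes may be double-quoted, single-quoted or unquoted.
ATTR = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")
ALLOWED_SCHEMES = {"http", "https"}
C0_AND_SPACE = "".join(map(chr, range(0x21)))


def normalize(value):
    """Conservative approximation of browser URL handling: decode entities,
    drop tab/CR/LF, trim control characters and spaces, lowercase."""
    value = re.sub(r"[\t\r\n]", "", html.unescape(value))
    return value.strip(C0_AND_SPACE).lower()


def is_risky(value):
    """True when the value names a scheme other than http/https."""
    head = re.split(r"[/?#]", normalize(value), maxsplit=1)[0]
    if ":" not in head:
        return False  # relative path: no scheme present
    return head.split(":", 1)[0] not in ALLOWED_SCHEMES


def audit(posts):
    """Return (post_id, redirectlink) for every shortcode needing review."""
    findings = []
    for post_id, content in posts:
        for sc in SHORTCODE.finditer(content):
            attrs = {m.group(1).lower(): next(g for g in m.groups()[1:] if g is not None)
                     for m in ATTR.finditer(sc.group(1))}
            link = attrs.get("redirectlink")
            if link is not None and is_risky(link):
                findings.append((post_id, link))
    return findings


# Constructed sample posts (not taken from a real site).
SAMPLE_POSTS = [
    (101, '[wordpress_file_upload redirect="true" redirectlink="javascript:alert(1)"]'),
    (102, '[wordpress_file_upload redirect="true" redirectlink="https://example.com/thanks"]'),
    (103, "Intro [wordpress_file_upload redirectlink=' JavaScript:alert(1)'] outro"),
    (104, '[wordpress_file_upload redirect="true" redirectlink="/thank-you/"]'),
]

if __name__ == "__main__":
    for post_id, link in audit(SAMPLE_POSTS):
        print(f"post {post_id}: review redirectlink={link!r}")
```

The check is an allow-list, so a value such as host:port without a scheme is also reported for manual review.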