[webapps] WordPress File Upload Plugin < 4.23.3 - Stored XSS
source link: https://www.exploit-db.com/exploits/51899
Exploit Title: WordPress File Upload < 4.23.3 Stored XSS (CVE-2023-4811)
Date: 18 December 2023
Exploit Author: Faiyaz Ahmad
Vendor Homepage: https://wordpress.com/
Version: 4.23.3
CVE: CVE-2023-4811
Proof Of Concept:
1. Log in to the WordPress account.
2. Add the following shortcode to a post in "File Upload Plugin":
[wordpress_file_upload redirect="true" redirectlink="*javascript:alert(1)*"]
3. Upload any file on the resulting post.
4. After the upload completes, you will see the XSS alert in the browser.
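The steps above work because the redirectlink value reaches a browser navigation with its URL scheme unchecked. The following is an added example, not the plugin's code or its actual patch: a redirect-target check that parses the value the way a browser does and allows only http/https on known hosts. The function name, host names and sample values are assumptions constructed for illustration.

```javascript
// Added example (not the plugin's code). Hosts and sample values are constructed.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns a normalized absolute URL that is safe to navigate to, or null.
function safeRedirectTarget(raw, baseUrl, allowedHosts) {
  if (typeof raw !== "string" || raw.trim() === "") return null;
  let url;
  try {
    // Parse as the browser would: leading whitespace is stripped, the scheme
    // is lowercased, and relative values resolve against the page URL.
    url = new URL(raw, baseUrl);
  } catch {
    return null; // unparsable input is never a redirect target
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null; // javascript:, data:, ...
  if (url.username || url.password) return null;         // no embedded credentials
  if (!allowedHosts.has(url.host)) return null;          // no open redirect
  return url.href;
}

// Constructed sample values for a redirectlink attribute.
const BASE = "https://blog.example/upload-page/";
const HOSTS = new Set(["blog.example"]);
const SAMPLES = [
  "javascript:alert(1)",              // scheme used in the proof of concept
  "  JavaScript:alert(1)",            // same scheme after parser normalization
  "//other.example/landing",          // scheme-relative, off-site host
  "/thank-you/",                      // same-site relative path
  "https://blog.example/done?file=1", // same-site absolute URL
];

// Runs every sample through the check; null means "do not redirect".
function checkSamples() {
  return SAMPLES.map((s) => safeRedirectTarget(s, BASE, HOSTS));
}

console.log(checkSamples());
```

Checking the parsed `protocol` rather than matching a string prefix is what makes the second sample fail closed.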