WordPress File Upload Plugin < 4.23.3 - Stored XSS

• Exploit Database
• 87 阅读

• 作者： Faiyaz Ahmad
  日期： 2024-03-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51899/

• Exploit Title: WordPress File Upload < 4.23.3 Stored XSS (CVE 2023-4811)
  Date: 18 December 2023
  Exploit Author: Faiyaz Ahmad
  Vendor Homepage: https://wordpress.com/
  Version: 4.23.3
  CVE : CVE 2023-4811
  
  Proof Of Concept:
  
  1. Login to the wordpress account
  
  2. Add the following shortcode to a post in "File Upload Plugin":
  
  [wordpress_file_upload redirect="true" redirectlink="*javascript:alert(1)*"]
  
  3. Upload any file on the resulting post.
  4. After the upload completes, you will see the XSS alert in the browser.
  

  Python

  Copy