# Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)# Date: 25-10-2021# Exploit Author: Ceylan Bozogullarindan# Vendor Homepage: https://lenderd.com/# Software Link: https://mortgagecalculatorsplugin.com/# Version: 1.52# Tested on: Linux# CVE : CVE-2021-24904 (https://wpscan.com/vulnerability/7b80f89b-e724-41c5-aa03-21d1eef50f21)# Description:
The plugin gives users real-time estimates by providing mortgage calculators. It does not implement any sanitisation on the color value of the background of a calculator in admin panel, which could lead to authenticated Stored Cross-Site Scripting issues. An attacker can execute malicious javascript codes forall visitors of a page containing the calculator.# Steps To Reproduce:1. Go to settings page available under the "Calculator" menu item.2. Click the "Select Color" button andtype the following payload the input space: `hacked</style></head><script>alert(1)</script>`
3. Click the "Save Changes" button to save settings.4. Create a new page and add the shortcode ([mcwp type="cv"]) of the calculator,for testing.5. Visit the page to trigger XSS.
