WordPress Plugin TranslatePress 2.0.8 – Stored Cross-Site Scripting (XSS) (Authenticated)

• Exploit Database
• 15 阅读

• 作者： Nosa Shandy
  日期： 2021-09-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50343/

• # Exploit Title: WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
  # Date: 06-08-2021
  # Exploit Author: Nosa Shandy (Apapedulimu)
  # Vendor Homepage: https://translatepress.com/
  # Software Link: https://wordpress.org/plugins/translatepress-multilingual/ 
  # Reference: https://wpscan.com/vulnerability/b87fcc2f-c2eb-4e23-9757-d1c590f26d3f
  # Version: 2.0.6 
  # Tested on: macOS 11.4
  # CVE : CVE-2021-24610
  
  Description:
  The plugin does not implement a proper filter on the 'translated' parameter when input to the database. The 'trp_sanitize_string' function only check the "<script></script>" with the preg_replace, the attacker can use the HTML Tag to execute javascript.
  
  Step To Reproduce:
  1. Go to http://localhost:8888/wordpress/?trp-edit-translation=true
  2. Input Gettext String
  3. Input the payload such as <img src=x onerror=alert(4)>
  4. Save, The payload will be executed.
  5. Look on the homepage will be affected.
  
  Video : https://drive.google.com/file/d/1PnvjHuKCvjmom6xz_sxNLBu3jixCiHy_/view?usp=sharing