WordPress Plugin WPFront Notification Bar 1.9.1.04012 – Stored Cross-Site Scripting (XSS)

• Exploit Database
• 12 阅读

• 作者： Swapnil Subhash Bodekar
  日期： 2021-07-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50120/

• # Exploit Title: WordPress Plugin WPFront Notification Bar 1.9.1.04012 - Stored Cross-Site Scripting (XSS)
  # Date: 11/07/2021
  # Exploit Author: Swapnil Subhash Bodekar
  # Vendor Homepage:
  # Software Link: https://wordpress.org/plugins/wpfront-notification-bar/
  # Version:1.9.1.04012
  # Tested on Windows
  # Category: Web Application
  
  How to reproduce vulnerability:
  
  1. Install WordPress 5.7.2
  2. Install and activate*WPFront Notification Bar* plugin.
  
  3. Navigate to *WPFront Notification Bar *>> Setting >> notification bar and
  fill the required data and enter the below-mentioned payload into the Custom
  CSS user input field.
  
  </textarea><script>prompt(1)</script>
  
  5. You will observe that the payload successfully got stored into the
  database and when you are triggering the same functionality in that time
  JavaScript payload is executing successfully and we are getting a pop-up.