Lucene search

K
exploitdbManhNhoEDB-ID:45225
HistoryAug 20, 2018 - 12:00 a.m.

WordPress Plugin Tagregator 0.6 - Cross-Site Scripting

2018-08-2000:00:00
ManhNho
www.exploit-db.com
25

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

44.6%

# Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
# Date: 2018-05-05
# Exploit Author: ManhNho
# Vendor Homepage: https://wordpress.org/plugins/tagregator/
# Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip
# Ref: https://pastebin.com/ZGr5tyP2
# Version: 0.6
# Tested on: CentOS 6.5
# CVE : CVE-2018-10752
# Category : Webapps

# 1. Description
# WordPress Plugin Tagregator 0.6 - Stored XSS

# 2. Proof of Concept

1. Login to admin panel
2. Access to Wordpress Tagregator setting, then choose Tweets/Instagram
Media/Flickr Post/Google+ Activities and click "Add New" button
3. In title field, inject XSS pattern such as:
    <script>alert('xss')</script> and click Preview button
4. This site will response url that will alert popup named xss
5. Send this xss url to another administrators, we have same alert

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

44.6%