Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS)

🗓️ 08 Feb 2022 00:00:00Reported by Shweta MahajanType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 376 Views

WordPress Plugin CP Blocks 1.0.14 Stored Cross Site Scripting (XSS) exploi

Related
Code
ReporterTitlePublishedViews
Family
0day.today		WordPress CP Blocks 1.0.14 Plugin - Stored Cross Site Scripting Vulnerability
8 Feb 202200:00
zdt
CNNVD		WordPress plugin CP Blocks 跨站脚本漏洞
8 Feb 202200:00
cnnvd
CNVD		WordPress CP Blocks plugin cross-site scripting vulnerability
14 Feb 202200:00
cnvd
CVE		CVE-2022-0448
7 Mar 202208:16
cve
Cvelist		CVE-2022-0448 CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting
7 Mar 202208:16
cvelist
EUVD		EUVD-2022-15587
3 Oct 202520:07
euvd
NVD		CVE-2022-0448
7 Mar 202209:15
nvd
Packet Storm		WordPress CP Blocks 1.0.14 Cross Site Scripting
8 Feb 202200:00
packetstorm
Patchstack		WordPress CP Blocks plugin <= 1.0.14 - Stored Cross-Site Scripting (XSS) vulnerability
2 Feb 202200:00
patchstack
Prion		Cross site scripting
7 Mar 202209:15
prion
Rows per page
# Exploit Title: WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS)
# Date: 2022-02-02
# Exploit Author: Shweta Mahajan
# Vendor Homepage: https://wordpress.org/plugins/cp-blocks/
# Software Link: https://wordpress.org/plugins/cp-blocks/
# Tested on Windows
# CVE: CVE-2022-0448
# Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0448
https://wpscan.com/vulnerability/d4ff63ee-28e6-486e-9aa7-c878b97f707c

How to reproduce vulnerability:

1. Install Latest WordPress

2. Install and activate CP Blocks Version 1.0.14

3. Navigate to CP Blocks - License >> enter the payload into 'License ID'.

4. Enter JavaScript payload which is mentioned below
   "><script>alert(0)</script>

5. You will observe that the payload successfully got stored into the
    database and when you are triggering the same functionality at that
    time JavaScript payload gets executed successfully and we'll get a
    pop-up.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Feb 2022 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 23.5
CVSS 3.14.8
EPSS0.06256
wordpresscp blocks1.0.14storedcross site scriptingxssexploit
376