Neontext Wordpress Plugin - Stored XSS

2024-03-0500:00:00

Eren Car

www.exploit-db.com

121

wordpress

plugin

stored xss

cross site scripting

vulnerability

eren car

neon text

cve-2023-5817

shortcode

proof of concept

debian

1.0

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

24.4%

JSON

# Exploit Title: Wordpress Plugin Neon Text <= 1.1 - Stored Cross Site Scripting (XSS)
# Date: 2023-11-15
# Exploit Author: Eren Car
# Vendor Homepage: https://www.eralion.com/
# Software Link: https://downloads.wordpress.org/plugin/neon-text.zip
# Category: Web Application
# Version: 1.0
# Tested on: Debian / WordPress 6.4.1
# CVE : CVE-2023-5817

# 1. Description:
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in 1.1 and above versions. 
  
# 2. Proof of Concept (PoC):
  a. Install and activate version 1.0 of the plugin.
  b. Go to the posts page and create new post.
  c. Add shorcode block and insert the following payload:
  
		[neontext_box][neontext color='"onmouseover="alert(document.domain)"']TEST[/neontext][/neontext_box]
		
		
  d. Save the changes and preview the page. Popup window demonstrating the vulnerability will be executed.