exploitpack | ManhNho | EXPLOITPACK:B3BF6786E4B73A501D938FCE4176308C
History: Aug 20, 2018 - 12:00 a.m.

WordPress Plugin Tagregator 0.6 - Cross-Site Scripting

EPSS: 0.001 (Low), percentile: 44.7%

# Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
# Date: 2018-05-05
# Exploit Author: ManhNho
# Vendor Homepage: https://wordpress.org/plugins/tagregator/
# Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip
# Ref: https://pastebin.com/ZGr5tyP2
# Version: 0.6
# Tested on: CentOS 6.5
# CVE : CVE-2018-10752
# Category : Webapps

# 1. Description
# WordPress Plugin Tagregator 0.6 - Stored XSS

# 2. Proof of Concept

1. Log in to the admin panel.
2. Open the WordPress Tagregator settings, choose Tweets/Instagram
Media/Flickr Post/Google+ Activities, and click the "Add New" button.
3. In the title field, inject an XSS pattern such as:
    <script>alert('xss')</script> and click the Preview button.
4. The site responds with a URL that shows an alert popup named xss.
5. Send this XSS URL to other administrators; the same alert appears for them.
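
A defensive counterpart to the steps above, added here as an example (it is not part of the original advisory and not Tagregator's own code): a WordPress must-use plugin that strips markup from the titles of Tagregator items when they are saved, including the autosave revision that Preview creates, and escapes them again on output. The post-type slugs are placeholders and the `tggr_guard_` names are hypothetical; the advisory does not show where the plugin prints the title, so the output filter only covers templates that go through WordPress's title functions.

```php
<?php
/**
 * Added example: virtual patch for stored XSS in item titles.
 * Place in wp-content/mu-plugins/. Not Tagregator's code.
 */

// Assumption: placeholder slugs. Replace with the post types the plugin registers on your site.
const TGGR_GUARD_POST_TYPES = array( 'example-tggr-tweets', 'example-tggr-flickr' );

/** Remove all tags (including <script> bodies) and collapse whitespace. */
function tggr_guard_clean_title( $title ) {
    return sanitize_text_field( wp_strip_all_tags( $title ) );
}

/** True when the post type, or a revision's parent post type, is guarded. */
function tggr_guard_applies( $post_type, $parent_id = 0 ) {
    if ( 'revision' === $post_type && $parent_id ) {
        // Preview of a published item stores the title in an autosave revision.
        $post_type = get_post_type( $parent_id );
    }
    return in_array( $post_type, TGGR_GUARD_POST_TYPES, true );
}

// 1. Sanitize on save. $data is slashed here, so unslash, clean, re-slash.
add_filter( 'wp_insert_post_data', function ( $data, $postarr ) {
    $parent = isset( $data['post_parent'] ) ? (int) $data['post_parent'] : 0;
    if ( tggr_guard_applies( $data['post_type'], $parent ) ) {
        $data['post_title'] = wp_slash(
            tggr_guard_clean_title( wp_unslash( $data['post_title'] ) )
        );
    }
    return $data;
}, 10, 2 );

// 2. Escape on output, so titles stored before the filter existed are also neutralized.
add_filter( 'the_title', function ( $title, $post_id = 0 ) {
    if ( tggr_guard_applies( get_post_type( $post_id ) ) ) {
        return esc_html( wp_strip_all_tags( $title ) );
    }
    return $title;
}, 10, 2 );
```

After deploying it, repeating step 3 should store and preview the title as plain text; titles saved earlier stay in the database unchanged and are only neutralized at output.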
