packetstorm | ManhNho | PACKETSTORM:149016
History: Aug 21, 2018 - 12:00 a.m.

WordPress Tagregator 0.6 Cross Site Scripting

2018-08-21 00:00:00
ManhNho
packetstormsecurity.com

EPSS: 0.001 Low, Percentile: 44.7%

`# Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting  
# Date: 2018-05-05  
# Exploit Author: ManhNho  
# Vendor Homepage: https://wordpress.org/plugins/tagregator/  
# Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip  
# Ref: https://pastebin.com/ZGr5tyP2  
# Version: 0.6  
# Tested on: CentOS 6.5  
# CVE : CVE-2018-10752  
# Category : Webapps  
  
# 1. Description  
# WordPress Plugin Tagregator 0.6 - Stored XSS  
  
# 2. Proof of Concept  
  
1. Log in to the admin panel  
2. Open the WordPress Tagregator settings, choose Tweets/Instagram  
Media/Flickr Post/Google+ Activities, and click the "Add New" button  
3. In the title field, inject an XSS pattern such as:  
<script>alert('xss')</script> and click the Preview button  
4. The site responds with a URL that triggers an alert popup showing xss  
5. Send this XSS URL to other administrators; the same alert appears for them  
  
`
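
A regression check for the behaviour described in the proof of concept, added here as an example (it is not code from the advisory or from the plugin): it parses a rendered preview page and reports whether the title text from step 3 reached the browser as a live `<script>` element or as escaped text. `render_preview` is a constructed stand-in for the preview template, and all function names are hypothetical.

```python
from html import escape
from html.parser import HTMLParser

# The harmless marker string from step 3 of the advisory, used as a canary.
CANARY = "<script>alert('xss')</script>"


class _ScriptFinder(HTMLParser):
    """Collects the body of every <script> element the parser really sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Escaped titles arrive here as plain text outside any <script>.
        if self.in_script:
            self.scripts[-1] += data


def title_rendered_as_markup(page_html, canary_js="alert('xss')"):
    """Return True if the canary became an executable <script> element."""
    finder = _ScriptFinder()
    finder.feed(page_html)
    finder.close()
    return any(canary_js in body for body in finder.scripts)


def render_preview(title, escape_output):
    """Constructed stand-in for a preview template (not the plugin's code)."""
    shown = escape(title, quote=True) if escape_output else title
    return f'<html><body><h1 class="entry-title">{shown}</h1></body></html>'


if __name__ == "__main__":
    for mode in (False, True):
        page = render_preview(CANARY, escape_output=mode)
        print("escaped" if mode else "raw", "->", title_rendered_as_markup(page))
```

Run against the HTML of a real preview page, the same function serves as a post-fix check: a title saved with the canary must come back `False`.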
