Lucene search
Bastijn OuwendijkPACKETSTORM:162883HistoryJun 01, 2021 - 12:00 a.m.
WordPress WP Prayer 1.6.1 Cross Site Scripting
2021-06-0100:00:00
Bastijn Ouwendijk
packetstormsecurity.com
126
wordpress
wp prayer
cross site scripting
authenticated
vulnerability
exploit
website
user account
payload
alert
browser
EPSS
0.001
Percentile
19.8%
`# Exploit Title: WordPress Plugin WP Prayer version 1.6.1 - 'prayer_messages' Stored Cross-Site Scripting (XSS) (Authenticated)
# Date: 2021-05-31
# Exploit Author: Bastijn Ouwendijk
# Vendor Homepage: http://goprayer.com/
# Software Link: https://wordpress.org/plugins/wp-prayer/
# Version: 1.6.1 and earlier
# Tested on: Windows 10
# Proof: https://bastijnouwendijk.com/cve-2021-24313/
Steps to exploit this vulnerability:
1. Log into the WordPress website with a user account, can be a user with any role
2. Go to the page where prayer or praise request can be made and fill in the requested information
3. In the 'prayer_messages' field of the prayer request form put the payload: <script>alert("XSS")</script>
4. Submit the form
5. Go to the page where the prayer requests are listed
6. The prayer requests are loaded and an alert is shown with text 'XSS' in the browser
`
Related
wpvulndb
wpvulndb
WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS)
2021-05-17 00:00:00
zdt
zdt
cnvd
cnvd
WordPress WP Prayer plugin cross-site scripting vulnerability
2021-06-03 00:00:00
patchstack
patchstack
cvelist
cvelist
wpexploit
wpexploit
WP Prayer < 1.6.2 - Authenticated Stored Cross-Site Scripting (XSS)
2021-05-17 00:00:00
prion
prion
Input validation
2021-06-01 14:15:00
cve
cve
CVE-2021-24313
2021-06-01 14:15:08
nvd
nvd
CVE-2021-24313
2021-06-01 14:15:08
exploitdb
exploitdb