
WordPress Neon Text 1.1 Cross Site Scripting

Published: 05 Mar 2024 00:00:00
Reported by: Eren Car
Type: packetstorm
Source: packetstormsecurity.com


Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | Wordpress Neontext Plugin - Stored XSS Vulnerability | 5 Mar 2024 00:00 | zdt |
| Circl | CVE-2023-5817 | 27 Oct 2023 14:17 | circl |
| CNNVD | WordPress plugin Neon text cross-site scripting vulnerability | 27 Oct 2023 00:00 | cnnvd |
| CVE | CVE-2023-5817 | 27 Oct 2023 10:59 | cve |
| Cvelist | CVE-2023-5817 Neon text <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | 27 Oct 2023 10:59 | cvelist |
| Exploit DB | Neontext Wordpress Plugin - Stored XSS | 5 Mar 2024 00:00 | exploitdb |
| EUVD | EUVD-2023-58100 | 3 Oct 2025 20:07 | euvd |
| NVD | CVE-2023-5817 | 27 Oct 2023 11:15 | nvd |
| Patchstack | WordPress Neon text Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) | 26 Oct 2023 00:00 | patchstack |
| Prion | Cross site scripting | 27 Oct 2023 11:15 | prion |
```
# Exploit Title: WordPress Plugin Neon Text <= 1.1 - Stored Cross Site Scripting (XSS)
# Date: 2023-11-15
# Exploit Author: Eren Car
# Vendor Homepage: https://www.eralion.com/
# Software Link: https://downloads.wordpress.org/plugin/neon-text.zip
# Category: Web Application
# Version: 1.0
# Tested on: Debian / WordPress 6.4.1
# CVE : CVE-2023-5817

# 1. Description:
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in 1.1 and above versions.

# 2. Proof of Concept (PoC):
a. Install and activate version 1.0 of the plugin.
b. Go to the posts page and create a new post.
c. Add a shortcode block and insert the following payload:

[neontext_box][neontext color='"onmouseover="alert(document.domain)"']TEST[/neontext][/neontext_box]

d. Save the changes and preview the page. A popup window demonstrating the vulnerability will appear.
```
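For defenders triaging a site that ran the plugin, the following added example (not part of the advisory or of the plugin's code) scans stored post content for `neontext` and `neontext_box` shortcodes whose attribute values could break out of an HTML attribute, as the PoC's `color` value does. The colour allowlist, the simplified attribute parser and the sample posts are assumptions constructed for illustration.

```python
import re

# Opening tags of the two shortcodes named in the advisory.
TAG_RE = re.compile(r"\[(neontext(?:_box)?)\b([^\]]*)\]")
# name="v", name='v' or name=v (simplified from WordPress's attribute syntax).
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s'"]+))""")
# Assumed allowlist for color: #rgb / #rrggbb or a plain CSS colour name.
SAFE_COLOR = re.compile(r"#(?:[0-9a-fA-F]{3}){1,2}|[A-Za-z]{1,30}")
# Characters that can close or open an HTML attribute or tag.
BREAKOUT = re.compile(r"""["'<>`]""")

# Constructed sample posts; post 2 holds the shortcode from the PoC above.
SAMPLE_POSTS = {
    1: '[neontext_box][neontext color="#ff00aa"]Hello[/neontext][/neontext_box]',
    2: "[neontext_box][neontext color='\"onmouseover=\"alert(document.domain)\"']"
       "TEST[/neontext][/neontext_box]",
    3: "[neontext_box][neontext color=red]Plain[/neontext][/neontext_box]",
}


def audit_post(content):
    """Return (shortcode, attribute, value) for each suspicious attribute."""
    findings = []
    for tag in TAG_RE.finditer(content):
        name, raw_attrs = tag.group(1), tag.group(2)
        for m in ATTR_RE.finditer(raw_attrs):
            attr = m.group(1).lower()
            # Exactly one of the three value groups matched.
            value = next(g for g in m.groups()[1:] if g is not None)
            if attr == "color":
                bad = SAFE_COLOR.fullmatch(value) is None
            else:
                bad = BREAKOUT.search(value) is not None
            if bad:
                findings.append((name, attr, value))
    return findings


def audit_site(posts):
    """Map post id -> findings, keeping only posts that need review."""
    return {pid: f for pid, c in posts.items() if (f := audit_post(c))}


if __name__ == "__main__":
    for pid, findings in audit_site(SAMPLE_POSTS).items():
        for name, attr, value in findings:
            print(f"post {pid}: [{name}] {attr}={value!r}")
```

In practice the input would be the `post_content` of each post and revision exported from the site's database; flagged posts should be reviewed and cleaned before the plugin is removed or replaced.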


Vulners AI Score: 7.4 (High risk)
CVSS 3.1: 5.4 - 6.4
EPSS: 0.00082