Lucene search

5 matches found

WPVulnDB
added 2021/07/23 12:0 a.m., 15 views

Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. PoC 1. Install WordPress 5.7.2 2. Install and activate Simple Post 3. Navigate to...

AI score: 0.8, EPSS: 0.0024
Exploits: 2, References: 1, Affected Software: 1
WPVulnDB
added 2021/07/20 12:0 a.m., 22 views

KN Fix Your Title <= 1.0.1 - Authenticated Stored XSS

The plugin was vulnerable to Authenticated Stored XSS in the separator field. PoC 1. Install WordPress 5.7.2 2. Install and activate KN Fix Your Title 3. Navigate to Fix Title under Settings Tab Click on I have done this and enter the XSS payload into the Separator input field. 4. Click Save...

CVSS: 3.5, AI score: 1.2, EPSS: 0.00368
Exploits: 2, References: 1, Affected Software: 1
Packet Storm
added 2021/07/19 12:0 a.m., 216 views

WordPress Mimetic Books 0.2.13 Cross Site Scripting

Exploit Title: WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting XSS Date: 18/07/2021 Exploit Author: Vikas Srivastava Vendor Homepage: Software Link: https://wordpress.org/plugins/mimetic-books/ Version: 0.2.13 Category: Web Application Tested on Ma...

AI score: 0.1
Exploits: 0
wpexploit
added 2021/07/14 12:0 a.m., 153 views

Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Custom Book 3...

CVSS: 3.5, AI score: 5.2, EPSS: 0.00454
Exploits: 2, References: 1
Exploit DB
added 2021/06/08 12:0 a.m., 412 views

WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution (Unauthenticated)

Exploit Title: WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution Unauthenticated Date: 2021/06/08 Exploit Author: Fellipe Oliveira Vendor Homepage: https://gvectors.com/ Software Link: https://downloads.wordpress.org/plugin/wpdiscuz.7.0.4.zip Version: wpDiscuz 7.0.4 Tested on: Debian9,...

CVSS: 10, AI score: 9.5, EPSS: 0.94198
Exploits: 18