Lucene search
Aymane MazguitiWPEX-ID:71C5B5B5-8694-4738-8E4B-8670A8D21C86HistoryJun 05, 2023 - 12:00 a.m.
Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS
2023-06-0500:00:00
Aymane Mazguiti
59
ultimate product catalog
admin+
stored xss
setup
categories
category name
payload
product creation
vulnerability
exploit
0.001 Low
EPSS
Percentile
25.4%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
1. Navigate to the plugin setup page.
2. Go to the "Categories" section.
3. In the "Category Name" field, input the payload: `<noscript><p title="</noscript><img src=x onerror=alert(1)>`
4. Go to the fourth page and select "Create a Product".
5. In every field except "Product Image", input the payload: `<noscript><p title="</noscript><img src=x onerror=alert(1)>`
6. The payload will be executed, demonstrating the vulnerability.
Related
prion
prion
Cross site scripting
2023-06-27 14:15:00
cvelist
cvelist
CVE-2023-2711 Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS
2023-06-27 13:17:18
nvd
nvd
CVE-2023-2711
2023-06-27 14:15:11
cve
cve
CVE-2023-2711
2023-06-27 14:15:11
wpvulndb
wpvulndb
Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS
2023-06-05 00:00:00
wordfence
wordfence