Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitAnanda KrishnaWPEX-ID:BEEBAE8F-FA48-46C9-9E57-CE724850201C
HistoryDec 26, 2019 - 12:00 a.m.

WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS

2019-12-2600:00:00
Ananda Krishna
3
JSON

A minor authenticated stored XSS vulnerability was found in the β€œStyles for Skiplinks when they have focus” section of the WP Accessibility plugin.

1) Navigate to the Settings page of the plugin

https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php

2) Select the checkbox next to "Enable Skiplinks"

3) Under the "Styles for Skiplinks when they have focus" option, enter the following XSS payload:

</style><script>alert(/0/)</script>

4) Navigate to the WordPress homepage and you'll see an XSS popup
JSON