Lucene search
ManhNho1337DAY-ID-30917HistoryAug 20, 2018 - 12:00 a.m.
WordPress Tagregator 0.6 Plugin - Cross-Site Scripting Vulnerability
2018-08-2000:00:00
ManhNho
0day.today
30
EPSS
0.001
Percentile
44.6%
Exploit for php platform in category web applications
# Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
# Exploit Author: ManhNho
# Vendor Homepage: https://wordpress.org/plugins/tagregator/
# Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip
# Ref: https://pastebin.com/ZGr5tyP2
# Version: 0.6
# Tested on: CentOS 6.5
# CVE : CVE-2018-10752
# Category : Webapps
# 1. Description
# WordPress Plugin Tagregator 0.6 - Stored XSS
# 2. Proof of Concept
1. Login to admin panel
2. Access to Wordpress Tagregator setting, then choose Tweets/Instagram
Media/Flickr Post/Google+ Activities and click "Add New" button
3. In title field, inject XSS pattern such as:
<script>alert('xss')</script> and click Preview button
4. This site will response url that will alert popup named xss
5. Send this xss url to another administrators, we have same alert
# 0day.today [2018-08-20] #Related
prion
prion
Design/Logic Flaw
2018-05-05 02:29:00
wpvulndb
wpvulndb
Tagregator <= 0.6 - Stored XSS
2018-05-05 00:00:00
nvd
nvd
CVE-2018-10752
2018-05-05 02:29:00
exploitpack
exploitpack
WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
2018-08-20 00:00:00
cve
cve
CVE-2018-10752
2018-05-05 02:29:00
packetstorm
packetstorm
WordPress Tagregator 0.6 Cross Site Scripting
2018-08-21 00:00:00
cvelist
cvelist
CVE-2018-10752
2018-05-05 02:00:00
exploitdb
exploitdb
WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
2018-08-20 00:00:00