إرسال #50191: EmbedPress Stored XSSالمعلومات

عنوانEmbedPress Stored XSS
الوصفxss vulnerability in latest EmbedPress wordpress plugin and post edit we can insert xss payload like javascript:alert and submit to post [embedpress_pdf]javascript:alert(document.location.href)[/embedpress_pdf] 1. install EmbedPress wordpress plugin 2. create new shortcode or exist shortcode 3. goto posts and create or edit exist post 4. insert payload like that [embedpress_pdf]javascript:alert(document.location.href)[/embedpress_pdf] 5. submit and goto posts view POC: https://drive.google.com/file/d/1wZXBTvdHO5egFo06gxCF06hWX7tbb5Ud/view?usp=sharing https://drive.google.com/file/d/1ikhbybTAEFVbZ3OdWNvUocl8nRhff-Kc/view?usp=sharing
المستخدم
 rezaduty (UID 10530)
ارسال31/10/2022 08:28 AM (4 سنوات منذ)
الاعتدال31/10/2022 03:08 PM (7 hours later)
الحالةمكرر
إدخال VulDB212503 [EmbedPress Plugin على WordPress Shortcode post.php البرمجة عبر المواقع]
السببnot possible without admin permissions
النقاط0

التالي نظرة عامة السابق

Interested in the pricing of exploits?

See the underground prices here!