제출 #50191: EmbedPress Stored XSS정보

제목EmbedPress Stored XSS
설명xss vulnerability in latest EmbedPress wordpress plugin and post edit we can insert xss payload like javascript:alert and submit to post [embedpress_pdf]javascript:alert(document.location.href)[/embedpress_pdf] 1. install EmbedPress wordpress plugin 2. create new shortcode or exist shortcode 3. goto posts and create or edit exist post 4. insert payload like that [embedpress_pdf]javascript:alert(document.location.href)[/embedpress_pdf] 5. submit and goto posts view POC: https://drive.google.com/file/d/1wZXBTvdHO5egFo06gxCF06hWX7tbb5Ud/view?usp=sharing https://drive.google.com/file/d/1ikhbybTAEFVbZ3OdWNvUocl8nRhff-Kc/view?usp=sharing
사용자
 rezaduty (UID 10530)
제출2022. 10. 31. AM 08:28 (4 연령 ago)
모더레이션2022. 10. 31. PM 03:08 (7 hours later)
상태중복
VulDB 항목212503 [EmbedPress Plugin 켜짐 WordPress Shortcode post.php 크로스 사이트 스크립팅]
이유not possible without admin permissions
포인트들0

이전개요다음

Do you need the next level of professionalism?

Upgrade your account now!