Exploit/Advisories no image

Published on November 12th, 2021 📆 | 7264 Views ⚑

0

WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting – Torchsec

WordPress AccessPress Social Icons 1.8.2 Cross Site Scripting
Posted Nov 12, 2021
Authored by Murat Demirci

WordPress AccessPress Social Icons plugin version 1.8.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8a797400446972ed44d178f0fcc09d8c
# Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting (XSS)
# Date: 11/12/2021
# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
# Vendor Homepage: https://accesspressthemes.com/
# Software Link: https://wordpress.org/plugins/accesspress-social-icons/
# Version: 1.8.2
# Tested on : Windows 10

#Poc:

1. Install Latest WordPress
2. Install and activate AccessPress Social Icons 1.8.2
3. Open plugin on the left frame and keep going "add new" field. Click "Choose icon indiviually" and fill other fields.
4. Enter JavaScript payload which is mentioned below into 'icon title' field and "Add Icon to list".

4. You will observe that the payload successfully got stored into the database and alert will be seen on the screen.

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *