Wordpress file upload plugin < 4.23.3 stored xss Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2024-03-18 | Type : webapps | Platform : php
This exploit / vulnerability Wordpress file upload plugin < 4.23.3 stored xss is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

Exploit Title: WordPress File Upload < 4.23.3 Stored XSS (CVE 2023-4811)
Date: 18 December 2023
Exploit Author: Faiyaz Ahmad
Vendor Homepage: https://wordpress.com/
Version: 4.23.3
CVE : CVE 2023-4811

Proof Of Concept:

1. Login to the wordpress account

2. Add the following shortcode to a post in "File Upload Plugin":

[wordpress_file_upload redirect="true" redirectlink="*javascript:alert(1)*"]

3. Upload any file on the resulting post.
4. After the upload completes, you will see the XSS alert in the browser.

Wordpress file upload plugin < 4.23.3 stored xss


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Wordpress file upload plugin < 4.23.3 stored xss Vulnerability / Exploit