Wordpress plugin admin bar & dashboard access control version: 1.2.8 "dashboard redirect" field stored crosssite scripting (xss) Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2024-02-28 |
Type : webapps |
Platform : php
This exploit / vulnerability Wordpress plugin admin bar & dashboard access control version: 1.2.8 "dashboard redirect" field stored crosssite scripting (xss) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)
# Google Dork: NA
# Date: 28/10/2023
# Exploit Author: Rachit Arora
# Vendor Homepage:
# Software Link: https://wordpress.org/plugins/admin-bar-dashboard-control/
# Version: 1.2.8
# Category: Web Application
# Tested on: Windows
# CVE : 2023-47184
1. Install WordPress (latest)
2. Install and activate Admin Bar & Dashboard Access Control.
3. Navigate to "Admin Bar & Dash" >> Under Dashboard Access and in the "Dashboard Redirect" enter the payload into the input field.
4. You will observe that the payload successfully got stored and when you are triggering the same functionality in that time JavaScript payload is executing successfully and we are getting a pop-up.
Wordpress plugin admin bar & dashboard access control version: 1.2.8 "dashboard redirect" field stored crosssite scripting (xss)