Exploits / Vulnerability Discovered : 2022-07-29 |
Type : webapps |
Platform : php
This exploit / vulnerability Wordpress plugin wpuseronline 2.87.6 stored crosssite scripting (xss) is for educational purposes only and if it is used you will do on your own risk!
1. Install WordPress 6.0.1
2. Install and activate WP-UserOnline plugin.
3. Navigate to Setting >> WP-UserOnline and enter the data into the User(s) Browsing Site.
4. Add the following payload "><script>alert(1)</script> and save changes
5. On visiting the dashboard, You will observe that the payload successfully got stored in the database and when you are triggering the same functionality in that time JavaScript payload is executing successfully and we are getting a pop-up.