Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2018-10752 | CWE-79 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Mario Ceballos | High | Remote | 2018-08-21 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L | 0.02192 | 0.50148 |
# Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting # Date: 2018-05-05 # Exploit Author: ManhNho # Vendor Homepage: https://wordpress.org/plugins/tagregator/ # Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip # Ref: https://pastebin.com/ZGr5tyP2 # Version: 0.6 # Tested on: CentOS 6.5 # CVE : CVE-2018-10752 # Category : Webapps # 1. Description # WordPress Plugin Tagregator 0.6 - Stored XSS # 2. Proof of Concept 1. Login to admin panel 2. Access to Wordpress Tagregator setting, then choose Tweets/Instagram Media/Flickr Post/Google+ Activities and click "Add New" button 3. In title field, inject XSS pattern such as: <script>alert('xss')</script> and click Preview button 4. This site will response url that will alert popup named xss 5. Send this xss url to another administrators, we have same alert
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.