From e8bb2eb69fb6777c67d2f817a3ec1751cbe9cf08 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Wed, 27 Oct 2021 05:02:12 +0000
Subject: [PATCH] DB: 2021-10-27 1 changes to exploits/shellcodes WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting (XSS)
---
 exploits/php/webapps/50458.txt | 19 +++++++++++++++++++
 files_exploits.csv | 1 +
 2 files changed, 20 insertions(+)
 create mode 100644 exploits/php/webapps/50458.txt
diff --git a/exploits/php/webapps/50458.txt b/exploits/php/webapps/50458.txt
new file mode 100644
index 000000000..100569787
--- /dev/null
+++ b/exploits/php/webapps/50458.txt
@@ -0,0 +1,19 @@
+# Exploit Title: WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting (XSS)
+# Date: 10/25/2021
+# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
+# Vendor Homepage: http://www.filterable-portfolio.com/
+# Software Link: https://wordpress.org/plugins/fg-gallery/
+# Version: 1.0
+# Tested on : Windows 10
+
+#Poc:
+
+1. Install Latest WordPress
+
+2. Install and activate Filterable Portfolio Gallery 1.0
+
+3. Open plugin on the left frame and enter JavaScript payload which is mentioned below into 'title' field, save and preview.
+
+
+
+4. You will observe that the payload successfully got stored into the database and alert will be seen on the screen.
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index f9590ca4c..4f3656328 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
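Review bot: Step 3 of exploits/php/webapps/50458.txt points to a payload "mentioned below", but the three added lines that follow it are empty in this hunk, so the entry does not record what input was tested (this may be lost in rendering rather than in the commit itself). The write-up also leaves out what a site owner needs to rate and fix the issue: which WordPress role can edit the 'title' field, and on which page the stored value is rendered without escaping. I would add header lines such as `# Privileges required: <role able to edit the gallery title>` and `# Fix: <patched version, or "none at time of writing">`. A closing line stating that the remedy is to escape the title on output where it is rendered would make the entry usable for triage.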
@@ -44410,3 +44410,4 @@ id,file,description,date,author,type,platform,port
 50455,exploits/php/webapps/50455.txt,"WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)",1970-01-01,"Akash Patil",webapps,php,
 50456,exploits/php/webapps/50456.js,"Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)",1970-01-01,samguy,webapps,php,
 50457,exploits/php/webapps/50457.py,"phpMyAdmin 4.8.1 - Remote Code Execution (RCE)",1970-01-01,samguy,webapps,php,
+50458,exploits/php/webapps/50458.txt,"WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting (XSS)",1970-01-01,"Murat DEMİRCİ",webapps,php,
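Review bot: The added row for 50458 carries `1970-01-01` in the date column, while the entry itself is dated 10/25/2021 and the commit 2021-10-27. The three context rows show the same epoch value, so this looks like an unset default in whatever generates the index rather than a one-off. Anyone sorting or filtering the index by date, for example to track newly published entries for a plugin they run, will not see this record where it belongs. The date column should carry the publication date, e.g. `2021-10-27`. The author field also differs from the entry header (`Murat DEMİRCİ` here, `Murat DEMIRCI` in 50458.txt), which breaks exact-match author lookups, so one spelling should be used in both places.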