bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50458.txt
Offensive Security e8bb2eb69f DB: 2021-10-27 
1 changes to exploits/shellcodes

WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting (XSS)
2021-10-27 05:02:12 +00:00

19 lines
No EOL
703 B
Text
Raw Blame History

# Exploit Title: WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting (XSS)
# Date: 10/25/2021
# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
# Vendor Homepage: http://www.filterable-portfolio.com/
# Software Link: https://wordpress.org/plugins/fg-gallery/
# Version: 1.0
# Tested on : Windows 10
#Poc:
1. Install Latest WordPress
2. Install and activate Filterable Portfolio Gallery 1.0
3. Open plugin on the left frame and enter JavaScript payload which is mentioned below into 'title' field, save and preview.
<img src=x onerror=alert(1)>
4. You will observe that the payload successfully got stored into the database and alert will be seen on the screen.
Reference in a new issue View git blame Copy permalink