bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/50246.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

19 lines
No EOL
917 B
Text
Raw Blame History

# Exploit Title: WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection
# Date: 29/08/2021
# Exploit Author: Niraj Mahajan
# Software Link: https://wordpress.org/plugins/invoicing/
# Version: 2.4.6
# Tested on Windows
*Steps to Reproduce:*
1. Install Wordpress 5.8
2. Install and Activate "WordPress Payments Plugin | GetPaid" Version 2.4.6
3. Navigate to GetPaid > Payment Forms
4. Click on "Add New" in the Payment Form page
5. Add a title and Click on Billing Email
6. You can see the "Help Text" field on the left hand side.
7. Add the below HTML code into the "Help Text" Field.
<img src="
https://www.pandasecurity.com/en/mediacenter/src/uploads/2019/07/pandasecurity-How-do-hackers-pick-their-targets.jpg"
height="200px" width="200px">
8. You will observe that the HTML code has successfully got stored into the database and executed successfully and we are getting an Image at the right hand side.
Reference in a new issue View git blame Copy permalink