WordPress Tagregator plugin version 0.6 suffers from a cross site scripting vulnerability.
5e000a620ab7aca978ca7ed084590f742dea21fb74b608549fc38b2f67d04227# Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
# Date: 2018-05-05
# Exploit Author: ManhNho
# Vendor Homepage: https://wordpress.org/plugins/tagregator/
# Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip
# Ref: https://pastebin.com/ZGr5tyP2
# Version: 0.6
# Tested on: CentOS 6.5
# CVE : CVE-2018-10752
# Category : Webapps
# 1. Description
# WordPress Plugin Tagregator 0.6 - Stored XSS
# 2. Proof of Concept
1. Login to admin panel
2. Access to Wordpress Tagregator setting, then choose Tweets/Instagram
Media/Flickr Post/Google+ Activities and click "Add New" button
3. In title field, inject XSS pattern such as:
<script>alert('xss')</script> and click Preview button
4. This site will response url that will alert popup named xss
5. Send this xss url to another administrators, we have same alert
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed