exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress WP-UserOnline 2.88.0 Cross Site Scripting

WordPress WP-UserOnline 2.88.0 Cross Site Scripting
Posted Sep 23, 2022
Authored by UnD3sc0n0c1d0

WordPress WP-UserOnline plugin version 2.88.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-2941
SHA-256 | 2d27257ac7ea666ea0f91e21e2cf2524b25f6b5630c8e00106161db5acf1445b

WordPress WP-UserOnline 2.88.0 Cross Site Scripting

Change Mirror Download
# Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
# Google Dork: inurl:/wp-content/plugins/wp-useronline/
# Date: 2022-08-24
# Exploit Author: UnD3sc0n0c1d0
# Vendor Homepage: https://github.com/lesterchan/wp-useronline
# Software Link: https://downloads.wordpress.org/plugin/wp-useronline.2.88.0.zip
# Category: Web Application
# Version: 2.88.0
# Tested on: Debian / WordPress 6.0.1
# CVE : CVE-2022-2941
# Reference: https://github.com/lesterchan/wp-useronline/commit/59c76b20e4e27489f93dee4ef1254d6204e08b3c

# 1. Technical Description:
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions
up to, and including 2.88.0. This is due to the fact that all fields in the “Naming Conventions” section do
not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers,
with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user
accesses the injected page.

# 2. Proof of Concept (PoC):
a. Install and activate version 2.88.0 of the plugin.
b. Go to the plugin options panel (http://[TARGET]/wp-admin/options-general.php?page=useronline-settings).
c. Identify the "Naming Conventions" section and type your payload in any of the existing fields. You can use
the following payload:
<script>alert(/XSS/)</script>
d. Save the changes and now go to the Dashboard/WP-UserOnline option. As soon as you click here, your payload
will be executed.

Note: This change will be permanent until you modify the edited fields.

Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    45 Files
  • 9
    Dec 9th
    9 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close