WordPress Accessibility Help Button plugin version 1.1 suffers from a cross site scripting vulnerability.
75d6a490d9ad9d368b93b382cdec95460a02be1d91acb59904a7b7fef549de78# Exploit Title: WordPress Plugin Accessibility Help Button – Stored
Cross Site Scripting.
# Date: 2-04-2023
# Exploit Author: Taliya Bilal- NightHawk
# Vendor Homepage: https://wordpress.com/plugins/accessibility-help-button
# Version: 1.1
# Tested on: Firefox
# Contact me: taliyabilal765@gmail.com
# Steps to reproduce:
1. Install Accessibility Help Button WordPress plugin and activate.
2. Go to Options and on Button Text input field inject XSS payload
<script>alert('XSS')</script>
3. Fill out the whole form and click the save button below.
3. XSS will trigger.
#Screenshot:https://freeimage.host/i/HOBXWqg
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed