WordPress Circle Progress plugin version 1.0 suffers from a persistent cross site scripting vulnerability.
502b301ed47c56e6442e398af2ff24d0af312fd677fdee6560fd58b30b1150e8# Exploit Title: WordPress Plugin Circle progress bar – Cross site
scripting-Stored
# Date: 2-06-2023
# Exploit Author: Taliya Bilal- NightHawk
# Vendor Homepage: https://wordpress.org/plugins/circle-progress-bar/
# Version: 1.0
# Tested on: Firefox
# Contact me: taliyabilal765@gmail.com
# Steps to reproduce:
1. Install Circle progress bar and activate plugin.
2. Navigate to Circle progress bar plugin.
3. Fill the title field with xss payload <img src=x onerror=alert(1)>
4. Click the option preview post. Here the popup will appear.
#Screenshot:https://freeimage.host/i/Hrbmskvhttps://freeimage.host/i/Hrbmy4n
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed