Lucene search
Shweta MahajanPACKETSTORM:165886HistoryFeb 08, 2022 - 12:00 a.m.
WordPress Security Audit 1.0.0 Cross Site Scripting
2022-02-0800:00:00
Shweta Mahajan
packetstormsecurity.com
200
wordpress
security audit
cross site scripting
titan labs
cve-2021-24901
stored xss
vulnerability
javascript
windows
EPSS
0.001
Percentile
38.3%
`# Exploit Title: WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting (XSS)
# Date: 2022-01-26
# Exploit Author: Shweta Mahajan
# Vendor Homepage: https://en-gb.wordpress.org/plugins/titan-labs-security-audit/
# Software Link: https://en-gb.wordpress.org/plugins/titan-labs-security-audit/
# Tested on Windows
# CVE: CVE-2021-24901
# Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24901
https://wpscan.com/vulnerability/9c315404-b66a-448c-a3b7-367a37b53435
How to reproduce vulnerability:
1. Install Latest WordPress
2. Install and activate Titan-labs-security-audit Version 1.0.0
3. Navigate to Security Audit settings >> enter the payload into 'Data Id'.
4. Enter JavaScript payload which is mentioned below
"><img src=x onerror=confirm(1)>
5. You will observe that the payload successfully got stored into the
database and when you are triggering the same functionality at that
time JavaScript payload gets executed successfully and we'll get a
pop-up.
`
Related
cvelist
cvelist
CVE-2021-24901 Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting
2022-02-28 09:06:17
nvd
nvd
CVE-2021-24901
2022-02-28 09:15:08
wpexploit
wpexploit
Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting
2021-11-15 00:00:00
patchstack
patchstack
exploitdb
exploitdb
WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting (XSS)
2022-02-08 00:00:00
wpvulndb
wpvulndb
Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting
2021-11-15 00:00:00
zdt
zdt
cve
cve
CVE-2021-24901
2022-02-28 09:15:08
prion
prion
Cross site scripting
2022-02-28 09:15:00