Lucene search
MikaWPVDB-ID:8FD483FB-D399-4B4F-B4EF-BBFAD1B5CF1BHistoryOct 18, 2021 - 12:00 a.m.
Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting
2021-10-1800:00:00
Mika
wpscan.com
11
shared files
admin+
cross-site scripting
download counter
unfiltered html
poc
software
EPSS
0.001
Percentile
21.8%
The plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
PoC
Put the following payload in the Download Counter Text settings (and tick the Show Download Counter as well): The XSS will be triggered in pages/posts where the [shared_files] is embed and has at least one file
Related
prion
prion
Cross site scripting
2021-11-17 11:15:00
cvelist
cvelist
CVE-2021-24856 Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting
2021-11-17 10:16:00
patchstack
patchstack
cve
cve
CVE-2021-24856
2021-11-17 11:15:08
cnvd
cnvd
WordPress Shared Files plugin cross-site scripting vulnerability
2021-11-21 00:00:00
wpexploit
wpexploit
Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting
2021-10-18 00:00:00
nvd
nvd
CVE-2021-24856
2021-11-17 11:15:08