Lucene search
Shweta Mahajan1337DAY-ID-37328HistoryFeb 08, 2022 - 12:00 a.m.
WordPress Security Audit 1.0.0 Plugin - Stored Cross Site Scripting Vulnerability
2022-02-0800:00:00
Shweta Mahajan
0day.today
174
wordpress
security audit
cross site scripting
titan labs
vulnerability
stored xss
cve-2021-24901
windows
javascript
database
EPSS
0.001
Percentile
38.3%
# Exploit Title: WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting (XSS)
# Exploit Author: Shweta Mahajan
# Vendor Homepage: https://en-gb.wordpress.org/plugins/titan-labs-security-audit/
# Software Link: https://en-gb.wordpress.org/plugins/titan-labs-security-audit/
# Tested on Windows
# CVE: CVE-2021-24901
# Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24901
https://wpscan.com/vulnerability/9c315404-b66a-448c-a3b7-367a37b53435
How to reproduce vulnerability:
1. Install Latest WordPress
2. Install and activate Titan-labs-security-audit Version 1.0.0
3. Navigate to Security Audit settings >> enter the payload into 'Data Id'.
4. Enter JavaScript payload which is mentioned below
"><img src=x onerror=confirm(1)>
5. You will observe that the payload successfully got stored into the
database and when you are triggering the same functionality at that
time JavaScript payload gets executed successfully and we'll get a
pop-up.
Related
cvelist
cvelist
CVE-2021-24901 Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting
2022-02-28 09:06:17
nvd
nvd
CVE-2021-24901
2022-02-28 09:15:08
wpexploit
wpexploit
Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting
2021-11-15 00:00:00
patchstack
patchstack
packetstorm
packetstorm
WordPress Security Audit 1.0.0 Cross Site Scripting
2022-02-08 00:00:00
exploitdb
exploitdb
WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting (XSS)
2022-02-08 00:00:00
wpvulndb
wpvulndb
Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting
2021-11-15 00:00:00
cve
cve
CVE-2021-24901
2022-02-28 09:15:08
prion
prion
Cross site scripting
2022-02-28 09:15:00