Lucene search
Shweta Mahajan1337DAY-ID-37329HistoryFeb 08, 2022 - 12:00 a.m.
WordPress CP Blocks 1.0.14 Plugin - Stored Cross Site Scripting Vulnerability
2022-02-0800:00:00
Shweta Mahajan
0day.today
162
0.001 Low
EPSS
Percentile
38.3%
# Exploit Title: WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS)
# Exploit Author: Shweta Mahajan
# Vendor Homepage: https://wordpress.org/plugins/cp-blocks/
# Software Link: https://wordpress.org/plugins/cp-blocks/
# Tested on Windows
# CVE: CVE-2022-0448
# Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0448
https://wpscan.com/vulnerability/d4ff63ee-28e6-486e-9aa7-c878b97f707c
How to reproduce vulnerability:
1. Install Latest WordPress
2. Install and activate CP Blocks Version 1.0.14
3. Navigate to CP Blocks - License >> enter the payload into 'License ID'.
4. Enter JavaScript payload which is mentioned below
"><script>alert(0)</script>
5. You will observe that the payload successfully got stored into the
database and when you are triggering the same functionality at that
time JavaScript payload gets executed successfully and we'll get a
pop-up.
Related
cnvd
cnvd
WordPress CP Blocks plugin cross-site scripting vulnerability
2022-02-14 00:00:00
cve
cve
CVE-2022-0448
2022-03-07 09:15:09
wpexploit
wpexploit
CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting
2022-02-02 00:00:00
cvelist
cvelist
CVE-2022-0448 CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting
2022-03-07 08:16:48
wpvulndb
wpvulndb
CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting
2022-02-02 00:00:00
packetstorm
packetstorm
WordPress CP Blocks 1.0.14 Cross Site Scripting
2022-02-08 00:00:00
patchstack
patchstack
prion
prion
Cross site scripting
2022-03-07 09:15:00
nvd
nvd
CVE-2022-0448
2022-03-07 09:15:09
exploitdb
exploitdb
WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS)
2022-02-08 00:00:00