[webapps] WordPress File Upload Plugin < 4.23.3 - Stored XSS
2024-3-18 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:11 收藏
2024-3-18 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:11 收藏
Exploit Title: WordPress File Upload < 4.23.3 Stored XSS (CVE 2023-4811)
Date: 18 December 2023
Exploit Author: Faiyaz Ahmad
Vendor Homepage: https://wordpress.com/
Version: 4.23.3
CVE : CVE 2023-4811
Proof Of Concept:
1. Login to the wordpress account
2. Add the following shortcode to a post in "File Upload Plugin":
[wordpress_file_upload redirect="true" redirectlink="*javascript:alert(1)*"]
3. Upload any file on the resulting post.
4. After the upload completes, you will see the XSS alert in the browser.
文章来源: https://www.exploit-db.com/exploits/51899
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh