header-logo
Suggest Exploit
vendor:
Sabai Discuss Wordpress Plugin
by:
Hesam Bazvand
8,8
CVSS
HIGH
Stored XSS
79
CWE
Product Name: Sabai Discuss Wordpress Plugin
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 / Kali Linux
2020

Sabai Discuss WordPress Plugin Stored XSS vulnerability

Sabai Discuss Wordpress Plugin is vulnerable to a stored XSS vulnerability. An attacker can exploit this vulnerability by creating a new question on the website and inserting malicious XSS code into the title field. This will allow the attacker to execute malicious code on the victim's browser.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of the plugin.
Source

Exploit-DB raw data:

# Exploit Title: Sabai Discuss Wordpress Plugin Stored XSS vulnerability
# Exploit Author: Hesam Bazvand
# Contact: https://www.facebook.com/hesam.king73
# Software demo : https://sabaidiscuss.com/
# Tested on: Windows 7 / Kali Linux
# Category: WebApps
# Dork : User Your Mind ! :D
# Video Demo : https://youtu.be/QETN6cvBMoM
# Email : Black.king066@gmail.com
# Special thanks to Mr alireza ajami
 
1- Create new question 
	http://localhost/wordpress/questions/ask

2- Insert XSS Code in Title Field

3- Enjoy it!

Navigation

Suggest Exploit

Services By CQR