header-logo
Suggest Exploit
vendor:
WordPress File Upload
by:
ManhNho
5.4
CVSS
MEDIUM
Stored XSS
79
CWE
Product Name: WordPress File Upload
Affected Version From: 4.3.2
Affected Version To: 4.3.2
Patch Exists: YES
Related CWE: CVE-2018-9172
CPE: 2.3:a:wordpress:wordpress_file_upload:4.3.2
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: CentOS 6.5
2018

WordPress Plugin WordPress File Upload 4.3.2 – Stored XSS

WordPress File Upload is a WordPress plugin with more than 20.000 active installations. Version 4.3.2 (and possibly previous versions) are affected by a Stored XSS vulnerability in the admin panel, related to the 'Uploader Instances' functionality. To exploit the vulnerability, an attacker must login to the admin panel, access the Wordpress File Upload Control Panel, choose and edit a created Instance, and inject an XSS pattern such as <script>alert('ManhNho')</script> into the Plugin ID field. Accessing Pages/Posts containing the upload option will then trigger the alert.

Mitigation:

Update to version 4.3.3 of the WordPress File Upload plugin.
Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin WordPress File Upload 4.3.2 - Stored XSS
# Date: 31/03/2018
# Exploit Author: ManhNho
# Vendor Homepage: https://www.iptanus.com/
# Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip
# Version: 4.3.2
# Tested on: CentOS 6.5
# CVE : CVE-2018-9172
# Category : Webapps

1. Description
===========
WordPress File Upload is a WordPress plugin with more than 20.000 active
installations.
Version 4.3.2 (and possibly previous versions) are affected by a Stored XSS
vulnerability in the admin panel ,related to the "Uploader Instances"
functionality.

2. Proof of Concept
===========

1. Login to admin panel
2. Access to Wordpress File Upload Control Panel. In Uploader Instances
function, choose and edit created Instance
3. In Plugin ID field, inject XSS pattern such as:
<script>alert('ManhNho')</script> and click Update button
4. Access to Pages/Posts contain upload option, we got alert ManhNho

3. References
===========
https://www.iptanus.com/new-version-4-3-3-of-wordpress-file-upload-plugin/
https://wordpress.org/plugins/wp-file-upload/#developers
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9172

Navigation

Suggest Exploit

Services By CQR