WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)

vendor:

Simple Post

by:

Vikas Srivastava

7,5

CVSS

HIGH

Stored Cross-Site Scripting (XSS)

CWE

Product Name: Simple Post

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: NO

Related CWE: N/A

CPE: a:wordpress:simple_post:1.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Mac

2021

WordPress Plugin Simple Post 1.1 – ‘Text field’ Stored Cross-Site Scripting (XSS)

Install WordPress 5.7.2, Install and activate Simple Post, Navigate to Settings >> Simple Post and enter the XSS payload into the Text input field, Click Update Options, Payload Used: '><script>alert(document.cookie)</script>

Mitigation:

Ensure that user input is properly sanitized and validated before being stored in the database.

Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)
# Date: 23/07/2021
# Exploit Author: Vikas Srivastava
# Software Link: https://wordpress.org/plugins/simple-post/
# Version: 1.1
# Category: Web Application
# Tested on Mac

How to Reproduce this Vulnerability:

1. Install WordPress 5.7.2
2. Install and activate Simple Post
3. Navigate to Settings >> Simple Post and enter the XSS payload into the Text input field.
4. Click Update Options.
5. You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time JavaScript payload is executing successfully and we are getting a pop-up.
6. Payload Used: "><script>alert(document.cookie)</script>