header-logo
Suggest Exploit
vendor:
TaxoPress
by:
Akash Rajendra Patil
4.8
CVSS
MEDIUM
Stored Cross-Site Scripting (XSS)
79
CWE
Product Name: TaxoPress
Affected Version From: 3.0.7.1
Affected Version To: 3.0.7.1
Patch Exists: YES
Related CWE: CVE-2021-24444
CPE: 2.3:a:wordpress:taxopress:3.0.7.1
Metasploit:
Other Scripts:
Platforms Tested: Windows
2021

WordPress Plugin TaxoPress 3.0.7.1 – Stored Cross-Site Scripting (XSS) (Authenticated)

TaxoPress Version 3.0.7.1 is vulnerable to Stored Cross-Site Scripting (XSS). An authenticated user can inject malicious JavaScript payload into the 'Table Name & Descriptions' field which will be stored in the database. When the same functionality is triggered, the payload will be executed and a pop-up will be displayed.

Mitigation:

Ensure that user input is properly sanitized and validated before being stored in the database.
Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin TaxoPress 3.0.7.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
# Date: 23-10-2021
# Exploit Author: Akash Rajendra Patil
# Vendor Homepage:
# Software Link: https://wordpress.org/plugins/simple-tags/
# Tested on Windows
# CVE: CVE-2021-24444
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24444
# Reference: https://wpscan.com/vulnerability/a31321fe-adc6-4480-a220-35aedca52b8b


How to reproduce vulnerability:

1. Install Latest WordPress

2. Install and activate TaxoPress Version 3.0.7.1
3. Navigate to Add Table >> add the payload into 'Table Name & Descriptions'
and enter the data into the user input field.

4. Enter JavaScript payload which is mentioned below
"><img src=x onerror=confirm(docment.domain)>

5. You will observe that the payload successfully got stored into the
database and when you are triggering the same functionality in that
time JavaScript payload is executing successfully and we are getting a
pop-up.