# Exploit Title: Wordpress Widgetize pages Light XSS
# Date: 2015-09-15
# Exploit Author: Amir.ght
# My FB: fb.com/Amir.hossein.ght
# Vendor Homepage: https://wordpress.org/plugins/widgetize-pages-light/
# Software Link: https://downloads.wordpress.org/plugin/widgetize-pages-light.1.15.zip
# Version: 1.15
# Tested on: windows 7 / FireFox
####################################################
# Exploit :
To exploit this vulnerability, the "Widgetize pages Light" plugin must be installed.
Click on "Add New". The "Sidebar title" and "Description" inputs accept JavaScript code.
The code executes when the "Save Sidebar" button is clicked.
####################################################################
# Vulnerable File :
/wp-content/plugins/widgetize-pages-light/include/otw_manage_sidebar.php
# Vulnerable codes:
Line 180 :
<input type="text" id="sbm_title" value="<?php echo $otw_sidebar_values['sbm_title']?>" tabindex="1" size="30" name="sbm_title"/>
Line 185 :
<textarea id="sbm_description" name="sbm_description" tabindex="4" rows="3" cols="10"><?php echo $otw_sidebar_values['sbm_description']?></textarea>
##########################################################
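# Fix sketch (added example, not part of the original advisory and not the plugin's own code):
Both lines echo stored values into HTML without escaping. The block below renders the same two fields with WordPress's esc_attr() and esc_textarea(); the helper name render_sidebar_fields(), the fallback definitions and the sample values are assumptions made so the file runs outside WordPress.

```php
<?php
// Added example: hardened rendering of the two fields echoed at
// lines 180 and 185 of otw_manage_sidebar.php.

// Inside WordPress, esc_attr() and esc_textarea() already exist. These
// fallbacks only make the file runnable on its own (assumption: UTF-8
// output) and approximate the core helpers with htmlspecialchars().
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('esc_textarea')) {
    function esc_textarea($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Hypothetical helper: builds both fields with context-appropriate escaping.
function render_sidebar_fields(array $otw_sidebar_values) {
    $title = isset($otw_sidebar_values['sbm_title']) ? $otw_sidebar_values['sbm_title'] : '';
    $desc  = isset($otw_sidebar_values['sbm_description']) ? $otw_sidebar_values['sbm_description'] : '';

    // Attribute context: quotes and angle brackets become entities,
    // so the value cannot close value="..." or the <input> tag.
    $html  = '<input type="text" id="sbm_title" value="' . esc_attr($title)
           . '" tabindex="1" size="30" name="sbm_title"/>' . "\n";
    // Element-content context: "</textarea>" in the value stays text.
    $html .= '<textarea id="sbm_description" name="sbm_description" tabindex="4" rows="3" cols="10">'
           . esc_textarea($desc) . '</textarea>' . "\n";
    return $html;
}

// Constructed sample values that try to break out of each context.
$sample = array(
    'sbm_title'       => '"><script>alert(1)</script>',
    'sbm_description' => '</textarea><script>alert(1)</script>',
);

$out = render_sidebar_fields($sample);
echo $out;

// Regression check: no raw <script tag may survive in the rendered markup.
if (strpos($out, '<script') !== false) {
    fwrite(STDERR, "unescaped markup in output\n");
    exit(1);
}
```

Escaping at output is the direct fix for the two echo statements; validating the submitted values when the sidebar is saved (for example with WordPress's sanitize_text_field()) is a useful second layer.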