Wordpress wordpress-popup Reflected XSS

2015.09.27

Credit: emperor-team

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Wordpress wordpress-popup Reflected XSS
# Date: 2015/9/26
# Exploit Author: emperor-team
# Vendor Homepage: https://wordpress.org/plugins/wordpress-popup/
# Software Link: hhttps://downloads.wordpress.org/plugin/wordpress-popup.zip
# Version: 4.7.1.1
# Tested on: windows 8 /FireFox
####################################################

#Exploitation :

For Exploiting This Vulnerability You Should Install wordpress-popup Plugin
Add New  popup : http://site/wp-admin/post-new.php?post_type=inc_popup
In "PopUp Name" feild Can Input Place Your JavaScript Code and click on "Save" .
Execute javascript Codes after click "save" .


####################################################
http://emperor-team.org/
Mr.PERSIA -  MR.F@RDIN - Mr.Creative - MoHaMaD VaKeR - ALIREZA_PROMIS - tm_sd68 - SoKi - mohmmad hosseini
MOHAMMAD_Attacker - Munch - Smurf - root.kali

#APR - Soki
####################################################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wordpress wordpress-popup Reflected XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.