WordPress popup-maker Stored XSS

2015.09.29
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

####################################################
# Exploit Title: WordPress popup-maker Stored XSS
# Date: 2015/9/27
# Exploit Author: Iran Security Group
# Vendor Homepage: https://wordpress.org/plugins/popup-maker/
# Software Link: https://downloads.wordpress.org/plugin/popup-maker.1.3.7.zip
# Version: 1.3.7
# Tested on: Windows 8 / Firefox
####################################################
# Exploitation:

To exploit this vulnerability, the popup-maker plugin must be installed.

Add a new popup: http://site/wp-admin/post-new.php?post_type=popup

In the "Popup_title" field, enter your JavaScript code and click "Publish".

The JavaScript code executes on the "All popups" page: http://site/wp-admin/edit.php?post_type=popup

{ You can steal the admin cookie with moderator access }

####################################################
# http://iransec.net/forums
# Root Smasher , N-Kod , Mr.Moein , hekt0r , umpire , Sadegh , ALIREZA_PROMIS
# Saeed.jok3r , m4hdi , R3ZA-CYB3R , ataturk 1925 , social engineer and all ISG Member
# FR : Sir.H4m1d
# [+] fb.com/alirezapomis.blackhat
####################################################
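A defender-side check for the issue described above, added here as an example that is not part of the original advisory or the plugin's code: it audits stored popup titles for markup and shows the HTML-encoded form the "All popups" list should emit. The row layout `(id, post_type, title)` and the sample data are constructed assumptions, not the plugin's schema.

```python
import html
import re

# Constructed sample rows (id, post_type, title) standing in for an export of
# stored posts; the layout is an assumption, not the plugin's database schema.
ROWS = [
    (11, "popup", "Newsletter signup"),
    (12, "popup", "Sale <b>today</b>"),
    (13, "popup", "<script>alert(1)</script>"),
    (14, "post", "<i>not a popup, out of scope</i>"),
    (15, "popup", "Prices < 10 & falling"),
]

# An HTML parser starts markup where "<" is directly followed by a letter,
# "/", "!" or "?". Matching only the opening also catches unterminated tags.
TAG_OPEN = re.compile(r"<[A-Za-z/!?]")


def render_title_cell(title):
    """Encode a stored title for an HTML text context (output escaping)."""
    return html.escape(title, quote=True)


def classify(title):
    """Return 'markup', 'needs-encoding' or 'clean' for one stored title."""
    if TAG_OPEN.search(title):
        return "markup"          # would be parsed as HTML if echoed raw
    if render_title_cell(title) != title:
        return "needs-encoding"  # harmless text, but still must be escaped
    return "clean"


def audit_popups(rows):
    """List (id, verdict, encoded_title) for popup rows that are not clean."""
    findings = []
    for post_id, post_type, title in rows:
        if post_type != "popup":
            continue
        verdict = classify(title)
        if verdict != "clean":
            findings.append((post_id, verdict, render_title_cell(title)))
    return findings


if __name__ == "__main__":
    for post_id, verdict, encoded in audit_popups(ROWS):
        print(f"popup {post_id}: {verdict}: {encoded}")
```

Rows reported as `markup` are the ones to review and clean up; encoding every title at output time neutralises both categories.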

References:

https://cxsecurity.com/issue/WLB-2015090170

