# Exploit Title: Ultimate Affiliate Pro WordPress Plugin <= v3.6 - Authenticated Stored XSS
# Date: 2017-07-24
# Exploit Author: 8bitsec
# Vendor Homepage: http://affiliate.wpindeed.com/
# Software Link: https://codecanyon.net/item/ultimate-affiliate-pro-wordpress-plugin/16527729
# Version: 3.6
# Tested on: [Kali Linux 2.0 | Mac OS 10.12.5]
# Email: contact@8bitsec.io
# Contact: https://twitter.com/_8bitsec
Release Date:
=============
2017-07-24
Product & Service Introduction:
===============================
Ultimate Affiliate Pro is the newest and most completed Affiliate WordPress Plugin that allow you provide a premium platform for your Affiliates with different rewards and amounts based on Ranks or special Offers.
Technical Details & Description:
================================
Multiple Stored XSS vulnerabilities found logged as a low privileged user.
Proof of Concept (PoC):
=======================
Authenticated Stored XSS:
Logged as an affiliate, a low privileged user. Profile > Edit Account.
Write the payload in the 'Last Name' input area:
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNMouseoVer=alert(document.domain) )
Other fields may be vulnerable.
Authenticated Stored XSS:
Logged as an affiliate, a low privileged user.
Marketing > Campaigns > Add New Campaign. Write the payload on the 'Name' input field:
<svg/onload=alert(document.domain)>
Credits & Authors:
==================
8bitsec - [https://twitter.com/_8bitsec]