WordPress Coru LFMember 1.0.2 Cross Site Scripting

2022.04.26
Credit: Mariam Tariq
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: WordPress Plugin Coru LFMember - Stored Cross Site Scripting # Date: 26-04-2022 # Exploit Author: Mariam Tariq - HunterSherlock # Vendor Homepage: https://wordpress.org/plugins/Coru LFMember/ # Version: 1.0.2 # Tested on: Firefox # Contact me: mariamtariq404@gmail.com # Vulnerable Code: ``` <td class="manage-column"><input type="text" value="<?php print $result['game_image'] ?>" name="game_image[]" /></td> <td class="manage-column"><?php print stripslashes($result['game_name_short']) ?></td> <td class="manage-column"><input type="text" value="<?php print stripslashes($result['game_name_long']) ?>" name="game_name_long[]" /></td> <td class="manage-column"><textarea name="game_description[]" rows="4" cols="10"><?php print stripslashes($result['game_description']) ?></textarea></td> <td class="manage-column"><input type="text" value="<?php print $result['game_link'] ?>" name="game_link[]" /></td> ``` # POC 1. Install the Coru LFMember WordPress plugin and activate it. 2. Go to LFMember -> Add New and inject XSS payload “><img src=x onerror=alert(1)> in the fields given i.e, Game Image Name, Game Short Name, Game Long Name, Game Description, and Links to. 3. XSS will trigger and will be stored. ## POC Image https://imgur.com/kZDtIVz


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top