This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,702 With Us For: 244 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting (XSS) # Date: 10/25/2021 # Exploit Author: Murat DEMIRCI (@butterflyhunt3r) # Vendor Homepage: http://www.filterable-portfolio.com/ # Software Link: https://wordpress.org/plugins/fg-gallery/ # Version: 1.0 # Tested on : Windows 10 #Poc: 1. Install Latest WordPress 2. Install and activate Filterable Portfolio Gallery 1.0 3. Open plugin on the left frame and enter JavaScript payload which is mentioned below into 'title' field, save and preview. <img src=x onerror=alert(1)> 4. You will observe that the payload successfully got stored into the database and alert will be seen on the screen. Link to comment Share on other sites More sharing options...
Recommended Posts