Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)

 Share


Recommended Posts

# Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
# Google Dork: inurl:/wp-content/plugins/wp-useronline/
# Date: 2022-08-24
# Exploit Author: UnD3sc0n0c1d0
# Vendor Homepage: https://github.com/lesterchan/wp-useronline
# Software Link: https://downloads.wordpress.org/plugin/wp-useronline.2.88.0.zip
# Category: Web Application
# Version: 2.88.0
# Tested on: Debian / WordPress 6.0.1
# CVE : CVE-2022-2941
# Reference: https://github.com/lesterchan/wp-useronline/commit/59c76b20e4e27489f93dee4ef1254d6204e08b3c

# 1. Technical Description:
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions 
up to, and including 2.88.0. This is due to the fact that all fields in the “Naming Conventions” section do 
not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, 
with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user 
accesses the injected page.
  
# 2. Proof of Concept (PoC):
  a. Install and activate version 2.88.0 of the plugin.
  b. Go to the plugin options panel (http://[TARGET]/wp-admin/options-general.php?page=useronline-settings).
  c. Identify the "Naming Conventions" section and type your payload in any of the existing fields. You can use 
 	 the following payload:
		<script>alert(/XSS/)</script>
  d. Save the changes and now go to the Dashboard/WP-UserOnline option. As soon as you click here, your payload 
  	 will be executed.

Note: This change will be permanent until you modify the edited fields.
            

 

Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...