WordPress Plugin Popup Maker <1.16.5 - Persistent Cross-Site Scripting (Authenticated)

0

# Exploit Title: WordPress Plugin Popup Maker <1.16.5 - Persistent Cross-Site Scripting (Authenticated) # Date: 2022-03-03 # Exploit Author: Roel van Beurden # Vendor Homepage: https://wppopupmaker.com # Software Link: https://downloads.wordpress.org/plugin/popup-maker.1.16.4.zip # Version: <1.16.5 # Tested on: WordPress 5.9 on Ubuntu 20.04 1. Description: ---------------------- WordPress Plugin Popup Maker <1.16.5 does not sanitise and escape some of its popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2. Proof of Concept: ---------------------- Create Popup > Popup Settings > Triggers > Add New Cookie > Add > Cookie Time (overwrite the default ‘1 month’ with XSS payload)
Click ‘Add’ what triggers the XSS payload

Payload examples:


Secured By miniOrange