Wordpress wp-recipe-maker Cross Site Scripting

Our sensors found this exploit at:

Below is a copy:

Wordpress wp-recipe-maker Cross Site Scripting
# Exploit Title: [wp-recipe-maker Cross Site Scripting]
# Google Dork: [N/A]
# Date: [31/1/2024]
# Exploit Author: [H4X.Forensics - Diyar]
# Vendor Homepage: []
# Software Link: []
# Version: [6.4.2] (6.4.2)
# Tested on: [Windows]
# CVE : N/A
Vulnerable Code :

<a href="<?php echo esc_url( $back_link ); ?>" id="wprm-print-button-back" class="wprm-print-button"><?php _e( 'Go Back', 'wp-recipe-maker' );?></a>

Exploit : 

Click wp-recipe-maker 
Click create recipe
From video section click embed video 
Insert this payload : <video src=1 href=1 onerror="javascript:alert(1)"></video>
Click save and close .
7lick print button 
Alert Message will pop-up

Sent with Proton Mail secure email.

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.