WordPress Accessibility Help Button 1.1 Cross Site Scripting – Torchsec
- WordPress Accessibility Help Button 1.1 Cross Site Scripting
- Posted Apr 3, 2023
- Authored by Taliya Bilal
-
WordPress Accessibility Help Button plugin version 1.1 suffers from a cross site scripting vulnerability.
- SHA-256 |
75d6a490d9ad9d368b93b382cdec95460a02be1d91acb59904a7b7fef549de78 - Download | Favorite | View
# Exploit Title: WordPress Plugin Accessibility Help Button – Stored
Cross Site Scripting.
# Date: 2-04-2023
# Exploit Author: Taliya Bilal- NightHawk
# Vendor Homepage: https://wordpress.com/plugins/accessibility-help-button
# Version: 1.1
# Tested on: Firefox
# Contact me: taliyabilal765@gmail.com# Steps to reproduce:
1. Install Accessibility Help Button WordPress plugin and activate.
2. Go to Options and on Button Text input field inject XSS payload
3. Fill out the whole form and click the save button below.
3. XSS will trigger.
#Screenshot:https://freeimage.host/i/HOBXWqg
Gloss