WordPress Curtain 1.0.2 Cross Site Scripting – Torchsec
# Exploit Title: Multiple Stored Cross-Site Scripting vulnerabilities
in WordPress curtain plugin 1.0.2
# Date: 29-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/curtain/
# Version: 1.0.2
# Tested on: Firefox
# Contact me: h [at] spidersilk.com
in WordPress curtain plugin 1.0.2
# Date: 29-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/curtain/
# Version: 1.0.2
# Tested on: Firefox
# Contact me: h [at] spidersilk.com
# Description
Several Cross-Site Scripting vulnerabilities in the Curtain WordPress
plugin. Due to these Cross-Site Scripting vulnerabilities, an attacker
would be able to steal cookies, hijack sessions,s or control the browser of
the victim.
*Reproduce XSS in Heading Section:*
1- Login to your WordPress Application
2- Install curtain plugin
3- Open the page
http://wordpressURL/wp-admin/options-general.php?page=curtain
4- Inject Payload in Heading
">
XSS
5- An alert will trigger.
*Reproduce XSS in Managers Textarea Section:*
1- Login to your WordPress Application
2- Install curtain plugin
3- Open the page
http://wordpressURL/wp-admin/options-general.php?page=curtain
4- Inject Payload in Managers as
">
5- An alert will trigger.
Gloss