Exploit/Advisories
Published on June 27th, 2022 📆 | 2865 Views ⚑
0WordPress Simple Page Transition 1.4.1 Cross Site Scripting – Torchsec
# Exploit Title: WordPress Plugin ‘Simple Page Transition’ - Stored Cross
Site Scripting
# Date: 27-06-2022
# Exploit Author: Mariam Tariq - HunterSherlock
# Vendor Homepage: https://wordpress.org/plugins/simple-page-transition/
# Version: 1.4.1
# Tested on: Firefox
# Contact me: mariamtariq404@gmail.com*#Vulnerable code*:
```
name="simple_page_transition_ignored" value="*< ?php print
$simple_page_transition_ignored; ?>*" />
```
*#POC:*
1- Install the plugin ‘simple page transition’ & activate it.
2- Navigate towards the “ignored download links”
3- Enter the XSS payload ` *“>*`
*#POC image:*
https://imgur.com/yzaTkhi
Gloss