{"id":23380,"date":"2022-04-19T19:29:54","date_gmt":"2022-04-19T15:29:54","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166768\/wppopupmaker1165-xss.txt"},"modified":"2022-05-09T07:52:40","modified_gmt":"2022-05-09T03:22:40","slug":"wordpress-popup-maker-1-16-5-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-popup-maker-1-16-5-cross-site-scripting\/","title":{"rendered":"WordPress Popup Maker 1.16.5 Cross Site Scripting"},"content":{"rendered":"

# Exploit Title: WordPress Plugin Popup Maker <1.16.5 – Persistent Cross-Site Scripting (Authenticated)
\n# Date: 2022-03-03
\n# Exploit Author: Roel van Beurden
\n# Vendor Homepage: https:\/\/wppopupmaker.com
\n# Software Link: https:\/\/downloads.wordpress.org\/plugin\/popup-maker.1.16.4.zip
\n# Version: <1.16.5
\n# Tested on: WordPress 5.9 on Ubuntu 20.04<\/p>\n

1. Description:
\n———————-
\nWordPress Plugin Popup Maker <1.16.5 does not sanitise and escape some of its popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.<\/p>\n

2. Proof of Concept:
\n———————-
\nCreate Popup > Popup Settings > Triggers > Add New Cookie > Add > Cookie Time (overwrite the default ‘1 month’ with XSS payload)
\nClick ‘Add’ what triggers the XSS payload<\/p>\n

Payload examples:<\/p>\n

<script>alert(‘XSS’);<\/script>
\n<img src=x onerror=alert(‘XSS’)><\/p>\n","protected":false},"excerpt":{"rendered":"

# Exploit Title: WordPress Plugin Popup Maker <1.16.5 – Persistent Cross-Site Scripting (Authenticated) # Date: 2022-03-03 # Exploit Author: Roel van Beurden # Vendor Homepage: https:\/\/wppopupmaker.com # Software Link: https:\/\/downloads.wordpress.org\/plugin\/popup-maker.1.16.4.zip # Version: <1.16.5 # Tested on: WordPress 5.9 on Ubuntu 20.04 1. Description: ———————- WordPress Plugin Popup Maker <1.16.5 does not sanitise and escape some …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-23380","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/23380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=23380"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/23380\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=23380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=23380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=23380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}