Home Tools Exploits & CVE's WordPress Accessibility Help Button 1.1 Cross Site Scripting

WordPress Accessibility Help Button 1.1 Cross Site Scripting

April 5, 2023

260

WordPress Accessibility Help Button plugin version 1.1 suffers from a cross site scripting vulnerability.

# Exploit Title: WordPress Plugin Accessibility Help Button – Stored
Cross Site Scripting.
# Date: 2-04-2023
# Exploit Author: Taliya Bilal- NightHawk
# Vendor Homepage: https://wordpress.com/plugins/accessibility-help-button
# Version: 1.1
# Tested on: Firefox
# Contact me: [email protected]

# Steps to reproduce:
1.  Install Accessibility Help Button WordPress plugin and activate.
2. Go to Options and on Button Text input field inject XSS payload
<script>alert('XSS')</script>
3. Fill out the whole form and click the save button below.
3. XSS will trigger.

#Screenshot:https://freeimage.host/i/HOBXWqg

WordPress Accessibility Help Button 1.1 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Doctor Appointment Management System 1.0 Cross Site Scripting

Kemp LoadMaster Unauthenticated Command Injection

osCommerce 4 Cross Site Scripting

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

AMSS++ 5.21.09 SQL Injection

nopCommerce Store 4.30 Cross Site Scripting

WordPress ReviewX 1.6.13 Privilege Escalation