Home Tools Exploits & CVE's WordPress Admin Bar And Dashboard Access Control 1.28 XSS

WordPress Admin Bar And Dashboard Access Control 1.28 XSS

March 1, 2024

129

WordPress Admin Bar and Dashboard Access Control plugin version 1.28 suffers from a persistent cross site scripting vulnerability.

advisories | CVE-2023-47184

Change Mirror Download

# Exploit Title:  WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field  Stored Cross-Site Scripting (XSS)
# Google Dork: NA
# Date: 28/10/2023
# Exploit Author: Rachit Arora
# Vendor Homepage: 
# Software Link:  https://wordpress.org/plugins/admin-bar-dashboard-control/
# Version: 1.2.8
# Category: Web Application
# Tested on: Windows
# CVE : 2023-47184


1. Install WordPress (latest)

2. Install and activate Admin Bar & Dashboard Access Control.

3. Navigate to "Admin Bar & Dash"  >> Under Dashboard Access and in the "Dashboard Redirect" enter the payload into the input field.

"onfocusin=alert``+autofocus>
"onfocusin=alert`document.domain`+autofocus>

4. You will observe that the payload successfully got stored  and when you are triggering the same functionality in that time JavaScript payload is executing successfully and we are getting a pop-up.

WordPress Admin Bar And Dashboard Access Control 1.28 XSS

Follow us on Instagram @thecyberpost

EDITOR PICKS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Doctor Appointment Management System 1.0 Cross Site Scripting

Kemp LoadMaster Unauthenticated Command Injection

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Compro Technology IP Camera Stream Disclosure

NDtaskmatic 1.0 SQL Injection

Online Ordering System 1.0 Shell Upload