Home Tools Exploits & CVE's WordPress Circle Progress 1.0 Cross Site Scripting

WordPress Circle Progress 1.0 Cross Site Scripting

June 6, 2023

277

WordPress Circle Progress plugin version 1.0 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: WordPress Plugin Circle progress bar – Cross site
scripting-Stored
# Date: 2-06-2023
# Exploit Author: Taliya Bilal- NightHawk
# Vendor Homepage: https://wordpress.org/plugins/circle-progress-bar/
# Version: 1.0
# Tested on: Firefox
# Contact me: [email protected]

# Steps to reproduce:
1.  Install Circle progress bar and activate plugin.
2.  Navigate to Circle progress bar plugin.
3.  Fill the title field with xss payload <img src=x onerror=alert(1)>
4.  Click the option preview post. Here the popup will appear.

#Screenshot:https://freeimage.host/i/Hrbmskvhttps://freeimage.host/i/Hrbmy4n

WordPress Circle Progress 1.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

osCommerce 4 Cross Site Scripting

undefinedExploiting The NT Kernel In 24H2undefined

Windows NtQueryInformationThread Double-Fetch / Arbitrary Write

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Simple Client Management System 1.0 SQL Injection

Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure

Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow