WordPress CP Blocks plugin version 1.0.14 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS)
# Date: 2022-02-02
# Exploit Author: Shweta Mahajan
# Vendor Homepage: https://wordpress.org/plugins/cp-blocks/
# Software Link: https://wordpress.org/plugins/cp-blocks/
# Tested on Windows
# CVE: CVE-2022-0448
How to reproduce vulnerability:
1. Install Latest WordPress
2. Install and activate CP Blocks Version 1.0.14
3. Navigate to CP Blocks - License >> enter the payload into 'License ID'.
5. You will observe that the payload is successfully stored in the
database, and when you trigger the same functionality at that
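
For a stored XSS in a settings field like the 'License ID' above, the fix is to validate the value when it is saved and escape it when it is rendered. The following is an added example, not code from CP Blocks or from the advisory author; the `cpb_example_*` names, the option name, the page slug and the license ID format are all assumptions.

```php
<?php
// Added example with hypothetical names (cpb_example_*); not CP Blocks code.

// Assumed license ID format: letters, digits and hyphens, 1 to 64 characters.
const CPB_EXAMPLE_LICENSE_PATTERN = '/^[A-Za-z0-9-]{1,64}$/';

// Save handler: authorise, verify the nonce, validate, then store.
function cpb_example_save_license() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'cpb_example_save_license' );

    $raw     = isset( $_POST['license_id'] ) ? wp_unslash( $_POST['license_id'] ) : '';
    $license = sanitize_text_field( $raw ); // strips tags and control characters

    // Allowlist check: anything outside the expected format is rejected, not stored.
    if ( ! preg_match( CPB_EXAMPLE_LICENSE_PATTERN, $license ) ) {
        wp_die( 'Invalid License ID.', '', array( 'response' => 400 ) );
    }

    update_option( 'cpb_example_license_id', $license );
    wp_safe_redirect( admin_url( 'options-general.php?page=cpb-example' ) );
    exit;
}
add_action( 'admin_post_cpb_example_save_license', 'cpb_example_save_license' );

// Render: escape at output even though the stored value was validated,
// so rows written before the fix cannot execute in the admin page.
function cpb_example_render_license_field() {
    $license = (string) get_option( 'cpb_example_license_id', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="cpb_example_save_license">
        <?php wp_nonce_field( 'cpb_example_save_license' ); ?>
        <input type="text" name="license_id" value="<?php echo esc_attr( $license ); ?>">
        <?php submit_button( 'Save license' ); ?>
    </form>
    <?php
}
```

Output escaping is the control that matters for values already in the database; input validation alone does not neutralise a payload stored before the handler was hardened.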