Home Tools Exploits & CVE's WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting

WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting

September 29, 2022

458

Motopress Hotel Booking Lite plugin version 4.4.2 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: WordPress Plugin Motopress Hotel Booking Lite 4.4.2 - Stored Cross-Site Scripting (XSS)
# Date: 2022-09-28
# Exploit Author: Ali Alipour
# Vendor Homepage: https://motopress.com/
# Software Link: https://wordpress.org/plugins/motopress-hotel-booking-lite/
# Version: 4.4.2
# Tested on: Windows 10 Pro x64 - XAMPP Server
# CVE : N/A


PoC:

1: Install Latest WordPress

2: Install and activate Latest Motopress Hotel Booking Lite (4.4.2).

3: Navigate to Accommodation >> Services.

4: Click on "Add New" button And Enter the JavaScript Payload in the Title Field : ( "><script>alert("XSS")</script> )

5:Click on the publish button.

6. Visit http://localhost/wp/services/

7. XSS payload execute.

WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

LRMS PHP 1.0 SQL Injection / Shell Upload

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Doctor’s Appointment System 1.0 SQL Injection

MiniDVBLinux 5.4 Remote Root Command Execution

ARTISTRY LIMITED LMS 0.5 Insecure Settings