WordPress Security Audit plugin version 1.0.0 suffers from a persistent cross site scripting vulnerability.
advisories | CVE-2021-24901
# Exploit Title: WordPress Plugin Security Audit 1.0.0 - Stored Cross Site Scripting (XSS)
# Date: 2022-01-26
# Exploit Author: Shweta Mahajan
# Vendor Homepage: https://en-gb.wordpress.org/plugins/titan-labs-security-audit/
# Software Link: https://en-gb.wordpress.org/plugins/titan-labs-security-audit/
# Tested on Windows
# CVE: CVE-2021-24901
How to reproduce vulnerability:
1. Install Latest WordPress
2. Install and activate Titan-labs-security-audit Version 1.0.0
3. Navigate to Security Audit settings >> enter the payload into 'Data Id'.
"><img src=x onerror=confirm(1)>
5. You will observe that the payload successfully got stored into the
database and when you are triggering the same functionality at that