Exploit Title: WordPress File Upload < 4.23.3 Stored XSS (CVE 2023-4811) Date: 18 December 2023 Exploit Author: Faiyaz Ahmad Vendor Homepage: https://wordpress.com/ Version: 4.23.3 CVE : CVE 2023-4811 Proof Of Concept: 1. Login to the wordpress account 2. Add the following shortcode to a post in "File Upload Plugin": [wordpress_file_upload redirect="true" redirectlink="*javascript:alert(1)*"] 3. Upload any file on the resulting post. 4. After the upload completes, you will see the XSS alert in the browser.
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
