Headline
CVE-2021-24900: WordPress Ninja Tables 4.1.7 Cross Site Scripting ≈ Packet Storm
The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
WordPress Ninja Tables 4.1.7 Cross Site Scripting
Posted Oct 25, 2021
Authored by Akash Rajendra Patil
WordPress Ninja Tables plugin version 4.1.7 suffers from a persistent cross site scripting vulnerability.
tags | exploit, xss
MD5 | 1ee321f04776c466b3590854bba610c6
Download | Favorite | View
WordPress Ninja Tables 4.1.7 Cross Site Scripting
# Exploit Title: WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)# Date: 25-10-2021# Exploit Author: Akash Rajendra Patil# Vendor Homepage: https://wordpress.org/plugins/ninja-tables/# Software Link: https://wpmanageninja.com/downloads/ninja-tables-pro-add-on/# Version: 4.1.7# Tested on Windows*How to reproduce vulnerability:*1. Install Latest WordPress2. Install and activate Ninja Tables <= 4.1.73. Enter JavaScript payload which is mentioned below"><img src=x onerror=confirm(docment.domain)> in the 'Coulmn Name & Add Data'and enter the data into the user input field.Then Navigate to Table Design5. You will observe that the payload successfully got stored into the database and when you are triggering the same functionality in that time JavaScript payload is executing successfully and we are getting a pop-up.
File Tags
- ActiveX (932)
- Advisory (76,655)
- Arbitrary (14,946)
- BBS (2,859)
- Bypass (1,518)
- CGI (1,009)
- Code Execution (6,477)
- Conference (667)
- Cracker (797)
- CSRF (3,247)
- DoS (21,554)
- Encryption (2,320)
- Exploit (49,159)
- File Inclusion (4,121)
- File Upload (933)
- Firewall (821)
- Info Disclosure (2,531)
- Intrusion Detection (845)
- Java (2,745)
- JavaScript (789)
- Kernel (5,904)
- Local (13,904)
- Magazine (586)
- Overflow (12,045)
- Perl (1,409)
- PHP (5,024)
- Proof of Concept (2,273)
- Protocol (3,233)
- Python (1,365)
- Remote (29,340)
- Root (3,428)
- Ruby (564)
- Scanner (1,628)
- Security Tool (7,635)
- Shell (3,014)
- Shellcode (1,192)
- Sniffer (877)
- Spoof (2,064)
- SQL Injection (15,868)
- TCP (2,345)
- Trojan (666)
- UDP (865)
- Virus (657)
- Vulnerability (30,162)
- Web (8,870)
- Whitepaper (3,701)
- x86 (939)
- XSS (17,211)
- Other
File Archives
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- Older
Systems
- AIX (423)
- Apple (1,860)
- BSD (368)
- CentOS (55)
- Cisco (1,909)
- Debian (5,947)
- Fedora (1,690)
- FreeBSD (1,241)
- Gentoo (4,150)
- HPUX (875)
- iOS (311)
- iPhone (108)
- IRIX (220)
- Juniper (67)
- Linux (41,376)
- Mac OS X (682)
- Mandriva (3,105)
- NetBSD (255)
- OpenBSD (476)
- RedHat (10,982)
- Slackware (941)
- Solaris (1,601)
- SUSE (1,444)
- Ubuntu (7,593)
- UNIX (9,015)
- UnixWare (182)
- Windows (6,265)
- Other