Advanced Page Visit Counter 1.0 Cross Site Scripting

Advanced Page Visit Counter version 1.0 suffers from a persistent cross site scripting vulnerability.

Packet Storm
# Exploit Title: Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
# Date: 11.10.2023
# Exploit Author: Furkan ÖZER
# Software Link: https://wordpress.org/plugins/advanced-page-visit-counter/
# Version: 8.0.5
# Tested on: Kali-Linux, Windows 10, Windows 11
# CVE: N/A

# Description:
Advanced Page Visit Counter is a remarkable Google Analytics alternative specifically designed for WordPress websites, and it has quickly become a must-have plugin for website owners and administrators seeking powerful tracking and analytical capabilities. With the recent addition of Enhanced eCommerce Tracking for WooCommerce, this plugin has become even more indispensable for online store owners.

If you’re in search of a GDPR-friendly website analytics plugin exclusively designed for WordPress, look no further than Advanced Page Visit Counter. This exceptional plugin offers a compelling alternative to Google Analytics and is definitely worth a try for those seeking enhanced data privacy compliance.

This is a free plugin and doesn’t require you to create an account on another site. All features outlined below are included in the free plugin.

(The above is the plugin owner's own description of the plugin.)

Vulnerability: Stored Cross-Site Scripting attack against administrators or other authenticated users.

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

The details of the discovery are given below.

# Steps To Reproduce:
1. Install and activate the Advanced Page Visit Counter plugin.
2. Visit the "Settings" interface available in the settings page of the plugin that is named "Widget Settings".
3. In the plugin's "Today's Count Label" setting field, enter the payload.
Payload: " "type=image src=1 onerror=alert(document.cookie)> "
6. Click the "Save Changes" button.
7. The XSS is triggered on the settings page on every visit by an authenticated user.

# Video Link
https://youtu.be/zcfciGZLriM
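For contrast with the advisory's finding, the snippet below shows a settings field like "Today's Count Label" handled without any sanitising or escaping, beside the sanitise-on-save, escape-on-output pattern WordPress core provides for exactly this case. It is an added example written for this page, not the plugin's own code; the option name, settings-group name and function names prefixed `apvc_example_` are hypothetical placeholders, and the code assumes it is loaded inside WordPress (`register_setting`, `sanitize_text_field`, `esc_html` and `esc_attr` are core functions).

```php
<?php
// Added example, not the plugin's code. Every apvc_example_* name is a
// hypothetical placeholder; only the WordPress functions are real.

// UNSAFE: the option is stored as submitted and echoed straight into
// admin-page markup. Anyone allowed to save the setting can store markup
// that runs in every later admin visitor's browser, and the check on the
// unfiltered_html capability never comes into play.
function apvc_example_render_label_unsafe() {
    $label = get_option( 'apvc_example_todays_count_label', "Today's Count" );
    echo '<label for="apvc-count">' . $label . '</label>';
    echo '<input id="apvc-count" type="text" value="' . $label . '">';
}

// SAFE, step 1: sanitise on save. A sanitize_callback on register_setting()
// runs before the value hits the options table; sanitize_text_field()
// strips tags and control characters, so stored HTML never reaches the DB.
function apvc_example_register_settings() {
    register_setting(
        'apvc_example_widget_settings',     // hypothetical settings group
        'apvc_example_todays_count_label',  // hypothetical option name
        array(
            'type'              => 'string',
            'sanitize_callback' => 'sanitize_text_field',
            'default'           => "Today's Count",
        )
    );
}
add_action( 'admin_init', 'apvc_example_register_settings' );

// SAFE, step 2: escape on output for the exact HTML context. Text nodes
// get esc_html(), attribute values get esc_attr(); they are not
// interchangeable. Output escaping also covers values that were saved
// before the sanitize callback existed.
function apvc_example_render_label_safe() {
    $label = get_option( 'apvc_example_todays_count_label', "Today's Count" );
    echo '<label for="apvc-count">' . esc_html( $label ) . '</label>';
    echo '<input id="apvc-count" type="text" value="' . esc_attr( $label ) . '">';
}
```

Both layers matter: sanitising alone leaves older stored values unprotected, and escaping alone still lets markup sit in the database where other code paths may render it.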
