
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.


rxerium/CVE-2023-6000


CVE-2023-6000 PoC

How does this detection method work?

This template looks at the following path: /wp-content/plugins/popup-builder/readme.txt

The template reads the Stable tag value from that file. If the version is prior to 4.2.3, the installation is considered vulnerable.
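The same check written out in Python, as an added example that is not part of this repository or its template. It works on readme.txt content you have already retrieved from a site you administer; the function names and the sample readme headers are assumptions constructed for illustration.

```python
import re

FIXED = (4, 2, 3)  # first fixed Popup Builder release, per the description above

# WordPress readme.txt header line, e.g. "Stable tag: 4.2.2"
STABLE_TAG = re.compile(r"^\s*Stable tag:\s*(\S+)\s*$", re.IGNORECASE | re.MULTILINE)


def parse_stable_tag(readme_text):
    """Return the Stable tag value from readme.txt content, or None if absent."""
    match = STABLE_TAG.search(readme_text)
    return match.group(1) if match else None


def version_tuple(tag):
    """Turn '4.2' into (4, 2, 0); return None for non-numeric tags such as 'trunk'."""
    if not re.fullmatch(r"\d+(\.\d+)*", tag):
        return None
    parts = [int(p) for p in tag.split(".")]
    parts += [0] * (len(FIXED) - len(parts))  # pad so 4.2 compares as 4.2.0
    return tuple(parts)


def assess(readme_text):
    """Classify a readme.txt as 'vulnerable', 'patched' or 'unknown'."""
    tag = parse_stable_tag(readme_text)
    version = version_tuple(tag) if tag else None
    if version is None:
        return "unknown"  # no tag or non-numeric tag: confirm the version another way
    # Integer tuples avoid the string-comparison trap where "4.10.0" sorts below "4.2.3".
    return "vulnerable" if version < FIXED else "patched"


# Constructed sample readme.txt headers (not taken from a real site).
SAMPLES = {
    "old": "=== Popup Builder ===\nRequires at least: 4.2\nStable tag: 4.2.2\n",
    "fixed": "=== Popup Builder ===\nStable tag: 4.2.3\n",
    "two_digit_minor": "=== Popup Builder ===\nStable tag: 4.10.0\n",
    "trunk": "=== Popup Builder ===\nStable tag: trunk\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, parse_stable_tag(text), assess(text))
```

An "unknown" result means the readme gave no usable version, so the installed version should be confirmed from the WordPress plugin list instead.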

How do I run this script?

  1. Download Nuclei from here
  2. Copy the template to your local system
  3. Run the following command: nuclei -u https://yourHost.com -t template.yaml

References

Disclaimer

Use at your own risk. I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

Contact

If you have any questions feel free to reach out to me on Signal or via email: rishi@rxerium.com.
