.. / CVE-2011-4618

Exploit for Advanced Text Widget < 2.0.2 - Cross-Site Scripting (CVE-2011-4618)

Description:

A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Nuclei Template

View the template here CVE-2011-4618.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2011/CVE-2011-4618.yaml

References:

http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities
http://www.openwall.com/lists/oss-security/2011/12/19/6
https://exchange.xforce.ibmcloud.com/vulnerabilities/71412
http://wordpress.org/extend/plugins/advanced-text-widget/changelog/
https://nvd.nist.gov/vuln/detail/CVE-2011-4618

.. / CVE-2011-4618 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Advanced Text Widget < 2.0.2 - Cross-Site Scripting (CVE-2011-4618)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2011-4618