.. / CVE-2011-5106

Exploit for WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting (CVE-2011-5106)

Description:

A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Nuclei Template

View the template here CVE-2011-5106.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2011/CVE-2011-5106.yaml

References:

https://wordpress.org/plugins/flexible-custom-post-type/#developers
https://nvd.nist.gov/vuln/detail/CVE-2011-5106
https://exchange.xforce.ibmcloud.com/vulnerabilities/71415
http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog/
http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type

.. / CVE-2011-5106 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting (CVE-2011-5106)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2011-5106