.. / CVE-2012-4768

Exploit for WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting (CVE-2012-4768)

Description:

A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.

Nuclei Template

View the template here CVE-2012-4768.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2012/CVE-2012-4768.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2012-4768
https://exchange.xforce.ibmcloud.com/vulnerabilities/78422
http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html
https://github.com/ARPSyndicate/kenzer-templates
http://packetstormsecurity.org/files/116408/wpdownloadmonitor3357-xss.txt

.. / CVE-2012-4768 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting (CVE-2012-4768)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2012-4768