.. / CVE-2014-4550

Exploit for Shortcode Ninja <= 1.4 - Cross-Site Scripting (CVE-2014-4550)

Description:

A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.

Nuclei Template

View the template here CVE-2014-4550.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2014/CVE-2014-4550.yaml
Copy

References:

https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0
https://nvd.nist.gov/vuln/detail/CVE-2014-4550
http://codevigilant.com/disclosure/wp-plugin-shortcode-ninja-a3-cross-site-scripting-xss