.. / CVE-2017-17043

Exploit for WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting (CVE-2017-17043)

Description:

WordPress Emag Marketplace Connector plugin 1.0 contains a reflected cross-site scripting vulnerability because the parameter “post” to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.

Nuclei Template

View the template here CVE-2017-17043.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-17043.yaml
Copy

References:

https://github.com/ARPSyndicate/cvemon
https://wordpress.org/support/topic/wordpress-emag-marketplace-connector-1-0-cross-site-scripting-vulnerability/
https://nvd.nist.gov/vuln/detail/CVE-2017-17043
https://wpvulndb.com/vulnerabilities/8964
https://packetstormsecurity.com/files/145060/wpemagmc10-xss.txt