Exploit for WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting (CVE-2019-19134)

Description:

The WordPress Hero Maps Premium plugin, version 2.2.1 and prior, contains an unauthenticated reflected cross-site scripting vulnerability in the p parameter of views/dashboard/index.php.

Nuclei Template

View the template here: CVE-2019-19134.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-19134.yaml

References:

https://heroplugins.com/changelogs/hmaps/changelog.txt
https://nvd.nist.gov/vuln/detail/CVE-2019-19134
https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
https://heroplugins.com/product/maps/