Exploit for WordPress Sell Media 2.4.1 - Cross-Site Scripting (CVE-2019-6112)

Description:

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).

Nuclei Template

View the template here: CVE-2019-6112.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-6112.yaml

References:

https://github.com/Elsfa7-110/kenzer-templates
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/graphpaperpress/Sell-Media/commit/8ac8cebf332e0885863d0a25e16b4b180abedc47#diff-f16fea0a0c8cc36031ec339d02a4fb3b
https://metamorfosec.com/Files/Advisories/METS-2020-001-A_XSS_Vulnerability_in_Sell_Media_Plugin_v2.4.1_for_WordPress.txt
https://nvd.nist.gov/vuln/detail/CVE-2019-6112