.. / CVE-2021-25067

Exploit for Landing Page Builder < 1.4.9.6 - Cross-Site Scripting (CVE-2021-25067)

Description:

The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.

Nuclei Template

View the template here CVE-2021-25067.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-25067.yaml
Copy

References:

https://github.com/ARPSyndicate/cvemon
https://wpscan.com/vulnerability/365007f0-61ac-4e81-8a3a-3a068f2c84bc
https://wordpress.org/plugins/page-builder-add/
https://github.com/kazet/wpgarlic
https://nvd.nist.gov/vuln/detail/CVE-2021-25067