Exploit for WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting (CVE-2022-3506)

Description:

The WordPress Related Posts plugin before 2.1.3 contains a stored cross-site scripting vulnerability in the rp4wp[heading_text] parameter. User input is not properly sanitized, so an attacker can insert arbitrary code and use it to steal cookie-based authentication credentials and launch other attacks.

Nuclei Template

View the template here: CVE-2022-3506.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-3506.yaml

References:

https://huntr.dev/bounties/08251542-88f6-4264-9074-a89984034828
https://github.com/ARPSyndicate/cvemon
https://github.com/barrykooij/related-posts-for-wp/commit/37733398dd88863fc0bdb3d6d378598429fd0b81
https://nvd.nist.gov/vuln/detail/CVE-2022-3506