How to craft an XSS payload to create an admin user in WordPress
By a mysterious writer
Description
In this post I'll go through exactly how to capitalize on a particular (old) WordPress plugin vulnerability to deliver a persistent XSS injection while not logged into WordPress, which is later executed by someone logged into WordPress with higher privileges, such as an administrator.
What is XSS? How to Protect Your Website from DOM Cross-Site
How hackers exploit XSS vulnerabilities to create admin accounts
Stored XSS (Cross Site Scripting) vulnerability in page title
Cross-Site Scripting: The Real WordPress Supervillain
TrustedSec Tricks for Weaponizing XSS
CVE-2021-33851 - Stored Cross-Site Scripting in WordPress
XSS: A Gateway to Command and Control, by Mawee
10 Practical scenarios for XSS attacks
XSS Vulnerability (CVE-2023-30777)
WordPress XSS to RCE Vulnerability
WordPress XSS Protection: Safeguard Your Site In 2023
CVE-2021-33850 - Stored cross site scripting (XSS) in WordPress