|===========================================================================
| # Exploit Title : WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)
|
| # Category : Web Application
|
| # Software Link : https://wordpress.org/plugins/rss-for-yandex-turbo/
|
| # Tested on : [ Windows ~> 10 , Kali Linux]
|
| # Version: 1.29
|
| # Date : 2021-04-22
|===========================================================================

#Steps to reproduce vulnerability:

1. Install WordPress 5.6
2. Install and activate the "RSS for Yandex Turbo" plugin.
3. Navigate to Settings >> Яндекс.Турбо (Yandex.Turbo) >> Счетчики (Counters), enter the data into all six user input fields, and submit the request.
4