CVE-2007-4104

WP-FeedStats < 2.1 - Cross-Site Scripting via RSS2 Feed Query String

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4104. PoCs published by David Kierznowski.

AI-analyzed exploit summary: The exploit describes an HTML-injection vulnerability in the WP-FeedStats plugin for WordPress, allowing execution of arbitrary HTML and script code due to insufficient input sanitization. The issue affects versions prior to WP-FeedStats 2.4.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by David Kierznowski · text · webapps · php
https://www.exploit-db.com/exploits/30403

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WP-FeedStats plugin for WordPress < 2.4
No auth needed
Prerequisites: Access to a vulnerable WordPress installation with WP-FeedStats plugin < 2.4
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Exploit mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=118548811323718&w=2
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25085
Various Sources x_refsource_misc
http://blogsecurity.net/wordpress/news-260707/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37259
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26249
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35646
Various Sources x_refsource_misc
http://blogsecurity.net/news/news-130707/

Scores

EPSS 0.0505
EPSS Percentile 91.2%

Details

Status published
Products (1)
wp-feedstats/wordpress_plugin < 2.1
Published Jul 31, 2007
Tracked Since Feb 18, 2026