Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-9357. PoCs published by saretawa.
AI-analyzed exploit summary This PoC exploits a stored XSS vulnerability in WordPress's smiley/emoticon parser (CVE-2015-9357) to break out of attribute context and execute JavaScript in an admin's session. The exploit chains this to forge a nonce and create a new administrator account via the WordPress user creation endpoint.
Description
The akismet plugin before 3.1.5 for WordPress has XSS.
Exploits (1)
This PoC exploits a stored XSS vulnerability in WordPress's smiley/emoticon parser (CVE-2015-9357) to break out of attribute context and execute JavaScript in an admin's session. The exploit chains this to forge a nonce and create a new administrator account via the WordPress user creation endpoint.
References (1)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N