CVEs-PoC/2019/CVE-2019-17674.md

CVE-2019-17674

Description

WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer.

POC

Reference

• https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

Github

• https://github.com/20142995/nuclei-templates
• https://github.com/ARPSyndicate/cvemon
• https://github.com/Afetter618/WordPress-PenTest
• https://github.com/El-Palomo/DerpNStink
• https://github.com/El-Palomo/SYMFONOS
• https://github.com/NeoOniX/5ATTACK
• https://github.com/namhikelo/Symfonos1-Vulnhub-CEH