The WordPress TypeBot plugin version 1.4.3 suffers from a persistent cross-site scripting vulnerability.
# Exploit Title: WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated)
# Date: 29/11/2021
# Exploit Author: Mansi Singh
# Vendor Homepage: https://wordpress.org/plugins/typebot/
# Software Link: https://wordpress.org/plugins/typebot/
# Tested on Windows
# Reference: https://wpscan.com/vulnerability/2bde2030-2dfe-4dd3-afc1-36f7031a91ea
How to reproduce the vulnerability:
1. Install Latest WordPress
2. Install and activate Typebot Version 1.4.3
3. Navigate to the Typebot settings, then enter the following payload into 'Publish ID or Full URL':
"><img src=x onerror=confirm(1)>
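
The payload above starts with "> so it works by closing an HTML attribute that the stored value is written into. The following is an added example, not the plugin's code and not part of the original report: a hypothetical settings field rendered without and with output escaping, plus input validation on save. The function names, the field name publish_id and the accepted ID pattern are assumptions.

```php
<?php
// Added example: hypothetical handling of a "Publish ID or Full URL" setting.
// Function names and the ID pattern are assumptions, not Typebot's code.

// Validate on save: accept only a slug-like ID or an http(s) URL.
function sanitize_publish_value(string $raw): string {
    $value = trim($raw);
    // Assumed ID format: letters, digits, dash, underscore.
    if (preg_match('/\A[A-Za-z0-9_-]{1,128}\z/', $value) === 1) {
        return $value;
    }
    $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
    if (filter_var($value, FILTER_VALIDATE_URL) !== false
        && in_array($scheme, ['http', 'https'], true)
        && preg_match('/["\'<>\s]/', $value) !== 1) {
        return $value;
    }
    return ''; // Reject anything else instead of storing it.
}

// Vulnerable pattern: stored value concatenated into an attribute as-is.
function render_field_unsafe(string $stored): string {
    return '<input type="text" name="publish_id" value="' . $stored . '">';
}

// Hardened pattern: escape for the HTML attribute context on output.
function render_field_safe(string $stored): string {
    $escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="publish_id" value="' . $escaped . '">';
}

// Payload taken from the report above.
$payload = '"><img src=x onerror=confirm(1)>';

// Unsafe render: the leading "> ends the value attribute and the tag.
echo render_field_unsafe($payload), "\n";
// Safe render: quotes and angle brackets are emitted as entities.
echo render_field_safe($payload), "\n";

// Validation results for the payload and two constructed sample values.
var_dump(sanitize_publish_value($payload));
var_dump(sanitize_publish_value('my-bot-123'));
var_dump(sanitize_publish_value('https://example.com/my-bot'));
```

In WordPress the same two steps correspond to a sanitize_callback passed to register_setting() and esc_attr() at the point of output.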