CVE-2024-11412 PoC — Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Source

https://github.com/windz3r0day/CVE-2024-11412

Associated Vulnerability

Title:Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting (CVE-2024-11412)
Description:The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Description

CVE-2024-11412 poc exploit

Readme

# CVE-2024-11412
CVE-2024-11412 poc exploit 

The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

File Snapshot


 [4.0K]  /data/pocs/30a1d88b89672a43fa52e7992fba76125686bec9
├── [4.0K]  CVE-2024-11412
│   └── [ 202]  CVE-2024-11412.txt
└── [ 497]  README.md

1 directory, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!