Skip to content

Exploit for WordPress core 3.1.3 Persistent SELF XSS Vulnerability

Title: WordPress core 3.1.3 self-XSS

Author: Jelmer de Hen
Software link: 3.1.3
WordPress 3.1.3 has a self-XSS vulnerability in the following pages:/wp-admin/user-edit.php?user_id=<uid>/wp-admin/profile.php
By putting Javascript inside the input elements "first_name", "last_name" or "nickname" the self-XSS will trigger 3 times.

More information:



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.