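Related vulnerability
Title: WordPress plugin Knowledge Base cross-site scripting vulnerability (CVE-2025-7431)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Knowledge Base 2.3.1 and earlier contain a cross-site scripting vulnerability, which stems from insufficient input sanitization and escaping and may lead to stored cross-site scripting attacks.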
Description
CVE-2025-7431
Introduction
# Proof of Concept – CVE-2025-7431 Knowledge Base <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug
## CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N (score: 4.4)
## Vulnerability Overview
An authenticated attacker with Administrator privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability in the Knowledge Base plugin for WordPress by injecting malicious shortcode content into the plugin's settings.
## Steps to Reproduce
1. The tester navigates to:
```
WordPress Admin Dashboard → Knowledge Base → Settings
```
2. In the Knowledge Base Slug field (within the Slug options section), the attacker injects the following malicious payload using the vulnerable [kbalert] shortcode:
```
[kbalert type='" onmouseover="alert('hacked_by_nagisa_yumaa')"']XSS[/kbalert]
```

3. Trigger the XSS:
When a victim (such as an administrator or any logged-in user) accesses the “All Articles” view of the Knowledge Base, the malicious JavaScript embedded in the slug is rendered and automatically executed, triggering the attack.

## Security Impact
* Persistent XSS leads to:
  * Session hijacking
  * Admin account takeover
  * Phishing within WordPress dashboard
* The vulnerability affects all versions ≤ 2.3.1
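
The description attributes the issue to insufficient input sanitization and output escaping. The following added example (not code from the plugin or from the PoC author) models both controls: rejecting non-slug values when the setting is saved, and allowlisting plus escaping the shortcode `type` attribute when it is rendered. The function names, the `kb-alert` class names and the allowed type list are assumptions, and Python's `html.escape` stands in for what a WordPress handler would do with `esc_attr()`.

```python
import html
import re
from html.parser import HTMLParser

# Assumed alert styles; the plugin's real list is not shown on the page.
ALLOWED_TYPES = {"info", "success", "warning", "danger"}
SLUG_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")

# Constructed samples shaped like the report's slug payload and attribute value.
SAMPLE_SLUG = """[kbalert type='" onmouseover="alert(1)"']XSS[/kbalert]"""
SAMPLE_TYPE = '" onmouseover="alert(1)'

def is_valid_slug(value: str) -> bool:
    """Save-time control: a URL slug needs no brackets, quotes or spaces."""
    return SLUG_RE.fullmatch(value) is not None

def render_alert_unsafe(alert_type: str, body: str) -> str:
    """Hypothetical vulnerable pattern: attribute value concatenated as-is."""
    return f'<div class="kb-alert kb-alert-{alert_type}">{body}</div>'

def render_alert_safe(alert_type: str, body: str) -> str:
    """Output-time control: allowlist the type, then escape for the context."""
    if alert_type not in ALLOWED_TYPES:
        alert_type = "info"
    # Escaping is kept as defense in depth even though the value is allowlisted.
    css = html.escape(alert_type, quote=True)
    return f'<div class="kb-alert kb-alert-{css}">{html.escape(body)}</div>'

class _AttrNames(HTMLParser):
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)

def attribute_names(markup: str) -> list:
    """Parse the markup with an HTML parser and list the attributes it finds."""
    parser = _AttrNames()
    parser.feed(markup)
    parser.close()
    return parser.names

if __name__ == "__main__":
    print("slug accepted:", is_valid_slug(SAMPLE_SLUG))
    for render in (render_alert_unsafe, render_alert_safe):
        print(render.__name__, attribute_names(render(SAMPLE_TYPE, "XSS")))
```

An `onmouseover` entry in the parsed attribute list means the value broke out of the `class` attribute; the hardened renderer leaves only `class`.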
File snapshot
[4.0K] /data/pocs/3ddc186170de199dc239a04b13d18446922792e5
├── [ 72K] 1.png
├── [196K] 2.png
├── [ 82K] 3.png
├── [1.3K] README.md
└── [1.2K] report.md
0 directories, 5 files