# CVE : CVE-2023-5817

# 1. Description:
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in 1.1 and above versions.

# 2. Proof of Concept (PoC):
a. Install and activate version 1.0 of the plugin.
b. Go to the posts page and create a new post.
c. Add a shortcode block and insert the following payload:

[neontext_box][neontext color='"onmouseover="alert(document.domain)"']TEST[/neontext][/neontext_box]

d. Save the changes and preview the page. A popup window demonstrating the vulnerability will be displayed.
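
A defender-side check for the issue described above, as an added example that is not part of the original advisory or the plugin's own code: it scans stored post content for neontext / neontext_box shortcodes whose attribute values could break out of an HTML attribute. The function names, the colour allowlist and the sample posts are assumptions constructed for illustration.

```python
import re

# Opening tags of the two shortcodes named in the advisory; group 2 is the raw attribute text.
TAG_RE = re.compile(r"\[(neontext_box|neontext)\b([^\]]*)\]")
# name='value', name="value" or name=value.
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:'([^']*)'|"([^"]*)"|([^\s'"\]]+))""")
# Assumption: a legitimate colour is a hex code or a plain CSS colour name.
COLOR_RE = re.compile(r"#[0-9a-fA-F]{3,8}|[a-zA-Z]{3,30}")
# Characters that let a value escape an HTML attribute when it is output unescaped.
BREAKOUT_RE = re.compile(r"""["'<>`]""")


def find_suspicious_shortcodes(content):
    """Return (shortcode, attribute, value, reason) for each risky attribute value."""
    findings = []
    for tag in TAG_RE.finditer(content):
        for attr in ATTR_RE.finditer(tag.group(2)):
            key = attr.group(1).lower()
            value = next(g for g in attr.groups()[1:] if g is not None)
            if key == "color" and not COLOR_RE.fullmatch(value):
                findings.append((tag.group(1), key, value, "not a colour value"))
            elif BREAKOUT_RE.search(value):
                findings.append((tag.group(1), key, value, "attribute breakout character"))
    return findings


def scan_posts(posts):
    """posts maps post ID -> post_content; returns only the posts with findings."""
    report = {}
    for post_id, content in posts.items():
        hits = find_suspicious_shortcodes(content)
        if hits:
            report[post_id] = hits
    return report


# Constructed sample rows standing in for wp_posts.post_content.
SAMPLE_POSTS = {
    101: "[neontext_box][neontext color='#ff00de']Hello[/neontext][/neontext_box]",
    102: "[neontext_box][neontext color=red]Sale[/neontext][/neontext_box]",
    # The payload from the PoC above.
    103: "[neontext_box][neontext color='\"onmouseover=\"alert(document.domain)\"']"
         "TEST[/neontext][/neontext_box]",
}

if __name__ == "__main__":
    for post_id, hits in scan_posts(SAMPLE_POSTS).items():
        for shortcode, attr, value, reason in hits:
            print(f"post {post_id}: [{shortcode}] {attr}={value!r} ({reason})")
```

Feed it the post_content of each row exported from the site's posts table; any hit is a post to review and clean before the page is rendered to other users.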