Skip to content

Add CVE-2016-15041 MainWP Dashboard Stored XSS #14668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
syedazeez337 wants to merge 1 commit into from
Closed

Add CVE-2016-15041 MainWP Dashboard Stored XSS #14668

syedazeez337 wants to merge 1 commit into from

Conversation

@syedazeez337
Copy link

@syedazeez337 syedazeez337 commented Jan 1, 2026

/claim #14559

Summary

  • Adds detection for CVE-2016-15041: Unauthenticated Stored XSS in MainWP Dashboard plugin
  • Pure POC-based template without version-based detection (per bounty guidelines)
  • Exploits the mwp_setup_purchase_username parameter in the Quick Setup Wizard

Key Features

  • Multiple nonce extraction patterns (3 regex patterns)
  • Complete classification: CVSS 3.1 (6.1), CWE-79, EPSS 0.67231, CPE
  • Enhanced metadata: shodan-query, fofa-query, google-query
  • Unauthenticated attack vector

Attack Flow

  1. GET /wp-admin/admin-post.php?page=mainwp-setup&step=installation - Extract nonce
  2. POST payload to purchase_extension endpoint with nonce
  3. GET verify endpoint - Confirm payload is stored

Validation

  • Template validated: nuclei -validate -t CVE-2016-15041.yaml
  • Competitor's PR (Add Nuclei Template for CVE-2016-15041 #14560) uses version detection which violates bounty guidelines
  • This template follows guidelines: complete POC, no version dependency

References

feat(cve): add CVE-2016-15041 MainWP Dashboard Stored XSS
ad48cee 
- Complete POC-based template without version-based detection
- Multiple nonce extraction patterns for reliability
- Full classification (CVSS 3.1, CWE-79, EPSS 0.67231, CPE)
- Enhanced metadata (shodan, fofa, google queries)
- Unauthenticated stored XSS via mwp_setup_purchase_username parameter

Refs: projectdiscovery#14559
@algora-pbc algora-pbc bot mentioned this pull request Jan 1, 2026
Closed
@github-actions github-actions bot requested a review from theamanrawat January 1, 2026 16:13
@pussycat0x pussycat0x added the Done Ready to merge label Jan 5, 2026
@pussycat0x
Copy link
Contributor

pussycat0x commented Jan 5, 2026

Hi @syedazeez337 we already received Pr this for #14560, Thank you for your interest.

@pussycat0x pussycat0x closed this Jan 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theamanrawat theamanrawat Awaiting requested review from theamanrawat

Assignees

@ritikchaddha ritikchaddha

Labels

🙋 Bounty claim Done Ready to merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@syedazeez337 @pussycat0x @ritikchaddha