# Exploit Title: KeepInMind 0.8.4.2 - Stored XSS # Date: 2026-06-12 # Exploit Author: Pavan N # Vendor Homepage: https://wordpress.org/plugins/keepinmind-dashboard-notes/ # Software Link: https://downloads.wordpress.org/plugin/keepinmind-dashboard-notes.0.8.4.3.zip # Version: <= 0.8.4.2 # Tested on: WordPress 6.x / Linux # CVE: CVE-2026-9271 # CVSS Score: 9.0 (Critical) 1. Technical Description: The KeepInMind - Dashboard Notes plugin (version 0.8.4.2 and below) fails to properly restrict dangerous CSS properties within the 'wp_kses' sanitization filter when processing the 'content' parameter via its REST API endpoint. Authenticated attackers with Contributor+ privileges can inject custom HTML/CSS utilizing 'position: fixed', 'z-index', and viewport units (vw/vh). When an Administrator views the dashboard, the payload renders globally over the viewport, redressing the UI to spoof a high-fidelity "Session Expired" re-authentication prompt, enabling administrative account takeover. 2. Proof of Concept / Payload Template: An attacker sends a POST request to the plugin's note-saving REST endpoint with the following HTML payload structure: