Advisory: WordPress Plugin 'Types 1.2.1.1' Cross-Site Request Forgery & Stored Cross-Site Scripting Vulnerability
Advisory ID: SSCHADV2013-005
Author: Stefan Schurtz
Affected Software: Successfully tested on Types 1.2.1.1
Vendor URL: http://wordpress.org/extend/plugins/types/
Vendor Status: fixed
CVE-ID: Requested

==========================
Vulnerability Description
==========================

The parameter 'skypename' of the WordPress plugin Types 1.2.1.1 is prone to a CSRF and stored XSS vulnerability: the value is accepted without a request-origin check and later rendered without escaping.

==================
PoC-Exploit
==================

OWASP CSRFTester Demonstration
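As an added, defender-side example (not code from the Types plugin and not the author's PoC): a hypothetical WordPress user-profile field named "skypename" that shows the two controls whose absence produces exactly this CSRF plus stored-XSS pairing, a nonce check before the write and escaping at every output point. It relies only on WordPress core APIs (wp_nonce_field, wp_verify_nonce, current_user_can, sanitize_text_field, wp_unslash, update_user_meta, get_user_meta, esc_attr, esc_html); the function names, hook choice, nonce action, meta key and the allowed-character pattern are assumptions.

```php
<?php
/*
 * Added example, not part of the Types plugin. A hypothetical profile field
 * "skypename" stored in user meta. Function names, the nonce action, the
 * meta key and the validation pattern are assumptions for illustration.
 */

// Render the field on the profile screen. The nonce binds the form to the
// logged-in user's session so a cross-site POST cannot be replayed.
function example_render_skypename_field( $user ) {
    $value = get_user_meta( $user->ID, 'example_skypename', true );
    wp_nonce_field( 'example_save_skypename_' . $user->ID, 'example_skypename_nonce' );
    // esc_attr() keeps a previously stored value from breaking out of the attribute.
    echo '<label for="example_skypename">Skype name</label> ';
    echo '<input type="text" id="example_skypename" name="example_skypename" value="'
        . esc_attr( $value ) . '" />';
}
add_action( 'show_user_profile', 'example_render_skypename_field' );
add_action( 'edit_user_profile', 'example_render_skypename_field' );

// Persist the field. A request without a valid nonce is dropped (CSRF), the
// caller must be authorized (separate from CSRF), and the value is reduced to
// plain text and a restricted character set before storage (stored XSS).
function example_save_skypename_field( $user_id ) {
    if ( ! isset( $_POST['example_skypename_nonce'] )
        || ! wp_verify_nonce( $_POST['example_skypename_nonce'], 'example_save_skypename_' . $user_id ) ) {
        return false; // forged or stale request: do nothing
    }
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        return false; // not allowed to edit this profile
    }
    $raw   = isset( $_POST['example_skypename'] ) ? $_POST['example_skypename'] : '';
    $clean = sanitize_text_field( wp_unslash( $raw ) );
    // Assumed allow-list: a letter followed by 5-31 letters, digits, dots,
    // underscores or hyphens. Anything else is rejected rather than "cleaned".
    if ( $clean !== '' && ! preg_match( '/^[A-Za-z][A-Za-z0-9._-]{5,31}$/', $clean ) ) {
        return false;
    }
    update_user_meta( $user_id, 'example_skypename', $clean );
    return true;
}
add_action( 'personal_options_update', 'example_save_skypename_field' );
add_action( 'edit_user_profile_update', 'example_save_skypename_field' );

// Output anywhere else (template, shortcode, widget): escape at the point of
// rendering so stored data is never interpreted as HTML, even if a future
// code path stores it without validation.
function example_skypename_html( $user_id ) {
    $value = get_user_meta( $user_id, 'example_skypename', true );
    return ( $value === '' ) ? '' : esc_html( $value );
}
```

The validation on save and the escaping on output are deliberately both present: input validation limits what reaches the database, but output escaping is what actually prevents stored XSS, and it must be applied in every rendering context (attribute, text node, JavaScript) with the matching esc_* function.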

=========
Solution
=========

Upgrade to the latest version.

====================
Disclosure Timeline
====================

30-Mar-2013 - informed plugins@wordpress.org
04-Apr-2013 - fixed by developer

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://wordpress.org/extend/plugins/types/changelog/
http://www.darksecurity.de/advisories/2013/SSCHADV2013-005.txt