WordPress Database Sync 0.4 Cross Site Scripting

2015.08.04
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Title: WordPress 'Database Sync' Plugin
Version: 0.4
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Download:
- https://wordpress.org/plugins/database-sync/
- https://plugins.svn.wordpress.org/database-sync/

==========================================================
## Plugin description
==========================================================
Sync databases across servers with a single click.

==========================================================
## Vulnerabilities
==========================================================
The GET parameter 'url' is printed directly to the page without sanitization, making reflected cross-site scripting (XSS) possible.

PoC: Log in as admin and visit the following URL:
[URL]/wp-admin/tools.php?page=dbs_options&dbs_action=sync&url="><script>alert(1)</script>

==========================================================
## Solution
==========================================================
Update to v.0.5.

==========================================================
Vulnerabilities found using Eir; an early stage static vulnerability scanner for PHP applications.
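The flaw and its fix in miniature, as an added illustration that is not the plugin's code: a settings field that reflects the raw 'url' query value into an HTML attribute, beside the same field with output escaping applied. The function names and the form markup are assumptions; inside WordPress the idiomatic escaping calls are esc_attr() and esc_url(), and htmlspecialchars() stands in for them here so the script runs stand-alone.

```php
<?php
// Added example, not code from the Database Sync plugin. Function names
// and markup are hypothetical; only the 'url' parameter comes from the advisory.

// Vulnerable pattern (the behaviour the advisory describes): the GET value
// is concatenated straight into an attribute, so a quote in the input
// closes the attribute and the rest is parsed as markup.
function render_url_field_vulnerable(array $get): string
{
    $url = isset($get['url']) ? (string) $get['url'] : '';
    return '<input type="text" name="url" value="' . $url . '">';
}

// Hardened pattern: escape on output for the attribute context.
// ENT_QUOTES covers both quote styles, so the value cannot break out
// of value="...". In WordPress code use esc_attr(); for values that
// must be URLs, esc_url() additionally rejects non-URL schemes.
function render_url_field_safe(array $get): string
{
    $url = isset($get['url']) ? (string) $get['url'] : '';
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="url" value="' . $escaped . '">';
}

// Constructed input: the advisory's PoC value as PHP would see it in $_GET.
$get = ['url' => '"><script>alert(1)</script>'];

echo 'vulnerable: ' . render_url_field_vulnerable($get) . PHP_EOL;
echo 'hardened:   ' . render_url_field_safe($get) . PHP_EOL;
```

Run with `php example.php`: the first line shows the attribute closed early and a live script element, the second shows the same input rendered inert as `&quot;&gt;&lt;script&gt;...` inside the attribute.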


Copyright 2024, cxsecurity.com