WordPress Altos Connect Widget 1.3.0 Cross Site Scripting

2015.08.04
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Title: WordPress 'Altos Connect Widget' Plugin
Version: 1.3.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-15
Download:
- https://wordpress.org/plugins/altos-connect/
- https://plugins.svn.wordpress.org/altos-connect/
Notified WordPress: 2015-06-21

==========================================================
## Plugin description
==========================================================

Description: Altos Connect registration widget for WordPress. The Altos Connect plugin can be us

==========================================================
## XSS vulnerability
==========================================================

The $_SERVER variable 'PHP_SELF' is printed without sanitization in a captcha demo page of the bundled jquery-validate library (the demo directory is not removed when the plugin is installed). This can be exploited with a direct link to the vulnerable file.

PoC:
[URL]/wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/"><script>alert(1)</script>

It seems like this is fixed in the newest version of jquery-validate, but this plugin has not been patched.

==========================================================
## Solution
==========================================================

No fix available

==========================================================
Vulnerability found using Eir; an early stage static vulnerability scanner for PHP applications.
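To make the root cause concrete, here is an added example (not code from the plugin or from jquery-validate) contrasting the pattern the advisory describes, `$_SERVER['PHP_SELF']` echoed straight into markup, with a hardened form. The function names and the request array are constructed for illustration; the request's `PHP_SELF` value is shaped like the advisory's PoC, where extra path segments after `index.php` are carried into `PHP_SELF` as PATH_INFO.

```php
<?php
// Added example, not the plugin's own code.

// Vulnerable pattern: PHP_SELF reflects the path the client asked for,
// including anything appended after the script name (PATH_INFO), so it is
// client-controlled and must not be emitted into HTML unescaped.
function form_action_vulnerable(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// Hardened pattern: use SCRIPT_NAME (the script path the server resolved,
// without trailing PATH_INFO) and HTML-encode it for the attribute context.
function form_action_hardened(array $server): string
{
    $path = $server['SCRIPT_NAME'] ?? '';
    $safe = htmlspecialchars($path, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="' . $safe . '" method="post">';
}

// Constructed request resembling the advisory's PoC (illustrative values).
$request = [
    'SCRIPT_NAME' => '/demo/captcha/index.php',
    'PHP_SELF'    => '/demo/captcha/index.php/"><script>alert(1)</script>',
];

// The first line closes the action attribute early and injects markup;
// the second keeps the payload inert as encoded attribute text.
echo form_action_vulnerable($request), PHP_EOL;
echo form_action_hardened($request), PHP_EOL;
```

Encoding at the output point is the fix that belongs in the code. Since the advisory notes that the affected file is a demo page shipped inside a vendored library, a deployment-side mitigation is to delete such demo and example directories from plugin bundles, so unused sample scripts never become reachable under the web root.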

