#####################################
Title:- XSS In Image-Metadata-Cruncher
Author: Kaustubh G. Padwad
Product: image-metadata-cruncher plugin
URL: https://wordpress.org/plugins/image-metadata-cruncher/
Severity: Medium
Auth: Required

# Description:
Vulnerable Parameter:
Alternate text:
Caption:
Custom image meta tags:

# Vulnerability Class:
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))

# About Vulnerability:
This plugin is vulnerable to reflected XSS.

# Steps to Reproduce: (POC):
After installing the plugin:
1. Log in to WordPress.
2. Navigate to this URL:
   http://localhost/wordpress/wp-admin/plugins.php?page=image_metadata_cruncher-options&settings-updated=true

The following fields are vulnerable to XSS:
Alternate text: the payload needs to be pasted, because the field prevents typing a script.
Caption: the payload needs to be pasted, because the field prevents typing a script.
Custom image meta tags: the payload needs to be pasted, because the field prevents typing a script.

# Impact:
This vulnerability can be triggered using CSRF, and the XSS can be used to steal cookies and credentials, execute code, etc.

# Disclosure:
1-Feb-2015 Reported to developer
2-Feb-2015 Acknowledgement from developer
8-Feb-2015 Asked developer for an update
13-Feb-2015 Informed developer about public disclosure, with confirmation of patching this in the next release
14-Feb-2015 Informed Bugtraq, public disclosure

# Credits:
Kaustubh Padwad
Information Security Researcher
kingkaustubh@me.com
https://twitter.com/s3curityb3ast
http://breakthesec.com
https://www.linkedin.com/in/kaustubhpadwad
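
The output-encoding fix for the three fields named in this advisory, shown as an added example that is not the plugin's code and not part of the original report. The field keys, function names and sample values are hypothetical, and plain PHP `htmlspecialchars()` stands in for WordPress's `esc_attr()` so the script runs on its own.

```php
<?php
// Added illustration: hypothetical settings-form renderer, NOT the plugin's code.
// Labels are the three fields the advisory names; the keys are made up.
const FIELDS = [
    'alt'         => 'Alternate text',
    'caption'     => 'Caption',
    'custom_meta' => 'Custom image meta tags',
];

// Vulnerable pattern: the saved value lands in value="..." verbatim,
// so a double quote in the value ends the attribute.
function render_unsafe(array $opts): string {
    $html = '';
    foreach (FIELDS as $key => $label) {
        $html .= sprintf("<label>%s <input name=\"%s\" value=\"%s\"></label>\n",
            $label, $key, $opts[$key] ?? '');
    }
    return $html;
}

// Hardened pattern: encode for the HTML attribute context at output time.
// Inside WordPress, esc_attr() is the function for this context.
function render_safe(array $opts): string {
    $html = '';
    foreach (FIELDS as $key => $label) {
        $value = htmlspecialchars($opts[$key] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= sprintf("<label>%s <input name=\"%s\" value=\"%s\"></label>\n",
            $label, $key, $value);
    }
    return $html;
}

// Tag names found in the markup other than the two the form itself emits.
function unexpected_tags(string $html): array {
    preg_match_all('/<([a-z][a-z0-9]*)/i', $html, $m);
    $names = array_unique(array_map('strtolower', $m[1]));
    return array_values(array_diff($names, ['label', 'input']));
}

// Constructed sample input: harmless marker elements instead of a script.
$sample = ['alt' => '"><b>marker</b>', 'caption' => 'plain text', 'custom_meta' => '<i>x</i>'];

foreach (['render_unsafe', 'render_safe'] as $render) {
    printf("%-13s unexpected tags: %s\n", $render, json_encode(unexpected_tags($render($sample))));
}
```

The CSRF path mentioned under Impact is a separate control: a WordPress settings handler verifies a nonce, for example with `check_admin_referer()`, before saving submitted values.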