WordPress Yoast 2.1.1 Cross Site Scripting

2015.06.16
Credit: Anonymous
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

============================================================ Info ============================================================ Affects: Yoast Wordpress SEO Plugin <= 2.1.1 Download URL: https://wordpress.org/plugins/wordpress-seo/ Advisory URL: https://inventropy.us/blog/yoast-seo-plugin-cross-site-scripting-vulnerability/ Acknowledgement: https://wordpress.org/plugins/wordpress-seo/changelog/ ============================================================ Description ============================================================ The "snippet preview" functionality of the Yoast WordPress SEO plugin prior to version 2.2 was susceptible to cross-site scripting in the admin panel, related to the "metabox" functionality. This vulnerability appears to have been reported 2 years ago by someone named "badconker" (link: https://wordpress.org/support/topic/security-issue-with-post-title-field-xss-vulnerability#post-3575617), but the plugin author said that it had already been patched at the time. The issue can be triggered by entering arbitrary HTML into the post title field, such as in the example URL provided below. ============================================================ Vulnerable URL ============================================================ http://example.site/wp-admin/post-new.php?post_title=<img onerror=alert(1) src=> ============================================================ Vulnerable Code ============================================================ try { str = jQuery('<div/>').html(str).text(); str = str.replace(/<\/?[^>]+>/gi, ''); str = str.replace(/\[(.+?)\](.+?\[\/\\1\])?/g, ''); } catch (e) {} Link: https://github.com/Yoast/wordpress-seo/blob/2.1.1/js/wp-seo-metabox.js#L1-13 ============================================================ Fix ============================================================ Updating to the latest version (2.2.1 at the time of this advisory) will fix this issue.

References:

https://inventropy.us/blog/yoast-seo-plugin-cross-site-scripting-vulnerability/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top