Title: WordPress 'Database Sync' Plugin
Version: 0.4
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Download:
- https://wordpress.org/plugins/database-sync/
- https://plugins.svn.wordpress.org/database-sync/
==========================================================
## Plugin description
==========================================================
Sync databases across servers with a single click.
## Vulnerabilities
==========================================================
The GET parameter 'url' on the plugin's options page is printed directly into the page without sanitization or escaping, making reflected XSS possible. Because the page lives under wp-admin, the payload executes in the browser of whichever logged-in administrator opens the crafted link and runs with that administrator's session.
PoC:
Log in as admin and visit the following URL:
[URL]/wp-admin/tools.php?page=dbs_options&dbs_action=sync&url="><script>alert(1)</script>
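The pattern behind the finding and its fix, as an added example. This is not the Database Sync plugin's own code (the 0.4 source is not reproduced on this page); the function names dbs_sync_form_vulnerable/dbs_sync_form_fixed, the input field and the http/https restriction are assumptions made for illustration. The esc_attr()/esc_url() stand-ins are only there so the file runs outside WordPress; inside WordPress the real functions of those names are used.

```php
<?php
// Added example, not the plugin's code: the unescaped echo described in the
// advisory beside an escaped version. Names and field layout are assumptions.

// Stand-ins so this runs under plain `php` on the command line. WordPress
// defines esc_attr() and esc_url() itself, in which case these are skipped.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_url')) {
    function esc_url($url) {
        // Assumption: a sync target is only meaningful as an http/https URL,
        // so anything else (including javascript:) is dropped entirely.
        $url = trim((string) $url);
        if (!preg_match('#^https?://#i', $url)) {
            return '';
        }
        return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable pattern: the request parameter goes straight into an attribute
// value. A value of  "><script>alert(1)</script>  closes the attribute and
// the <input> tag, and the script that follows is executed by the browser.
function dbs_sync_form_vulnerable(array $get) {
    $url = isset($get['url']) ? $get['url'] : '';
    return '<input type="text" name="url" value="' . $url . '">';
}

// Hardened pattern: validate the value as a URL, then escape it for the
// attribute context it is written into. esc_url() already HTML-escapes its
// output; esc_attr() is what to use for non-URL values in the same position.
function dbs_sync_form_fixed(array $get) {
    $url = isset($get['url']) ? esc_url($get['url']) : '';
    return '<input type="text" name="url" value="' . $url . '">';
}

// Constructed inputs: the advisory's payload and a legitimate sync target.
$payload = ['url' => '"><script>alert(1)</script>'];
$benign  = ['url' => 'https://example.org/wp-admin/?a=1&b=2'];

echo "vulnerable, payload: ", dbs_sync_form_vulnerable($payload), "\n";
echo "fixed, payload:      ", dbs_sync_form_fixed($payload), "\n";
echo "fixed, benign:       ", dbs_sync_form_fixed($benign), "\n";
```

Run with `php example.php`. The first line shows the attribute and tag being closed by the payload and a live script tag following them; the second prints an empty value because the payload is not an http/https URL; the third keeps the legitimate URL, with the ampersand rendered as `&amp;` so it cannot alter the attribute. The check that matters in review is that every `echo` of a request parameter passes through an escaping function matched to its output context, not that the input "looks like" a URL.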
## Solution
==========================================================
Update to version 0.5.
==========================================================
Vulnerabilities found using Eir, an early-stage static vulnerability scanner for PHP applications.