WordPress Testimonial Slider 1.2.1 Cross Site Scripting

2015.09.01
Credit: Arash Khazaei
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

GhostMail <!-- # Exploit Title: Wordpress Testimonial Slider Stored XSS # Date: 2015/8/31 # Exploit Author: Arash Khazaei # Vendor Homepage: https://wordpress.org/plugins/testimonial-slider/ # Software Link: https://downloads.wordpress.org/plugin/testimonial-slider.1.2.1.zip # Version: 1.2.1 # Tested on: Kali , Iceweasel Browser # CVE : N/A # Contact : twitter.com/0xClay # Email : junkyboy@ghostmail.com # Site : http://bhunter.ir # Intrduction : # Wordpress Testimonial Slider Plugin Have 10,000+ Active Install # And Suffer From A Stored XSS Vulnerability In Slider Name Section . # Authors , Editors And Of Course Administrators Can Use This Vulnerability To Harm WebSite . --> Exploit : For Exploiting This Vulnerability Install Testimonial Slider Plugin Then Create New Slider In Slider Name Input Place Your JavaScript Code After Creating Slider JavaScript Code Will Be Executed . Image POC : Vulnerable Code : <h3><?php _e('Reorder the Posts/Pages Added To','testimonial-slider'); ?> <?php echo $slider['slider_name'];?>(Slider ID = <?php echo $slider['slider_id'];?>)</h3> For Patching : <h3><?php _e('Reorder the Posts/Pages Added To','testimonial-slider'); ?> <?php echo htmlspecialchars($slider['slider_name']);?>(Slider ID = <?php echo $slider['slider_id'];?>)</h3> <!-- Discovered By Arash Khazaei (Aka JunkyBoy) --> This email was sent from Secure GhostMail <https://www.ghostmail.com>. Easy and free encrypted email, chat and cloud storage for everybody. Free sign up now <https://www.ghostmail.com>.

References:

https://wordpress.org/plugins/testimonial-slider/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top