WordPress User Submitted Posts 20151113 Cross Site Scripting

2016.02.26
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

* Exploit Title: WordPress User Submitted Posts Plugin [Persistent XSS]
* Discovery Date: 2016-02-10
* Exploit Author: Panagiotis Vagenas
* Author Link: https://twitter.com/panVagenas
* Vendor Homepage: https://plugin-planet.com/
* Software Link: https://wordpress.org/plugins/user-submitted-posts/
* Version: 20151113
* Tested on: WordPress 4.4.2
* Category: WebApps, WordPress

Description
-----------

The _User Submitted Posts_ plugin for WordPress suffers from an XSS vulnerability. The `user-submitted-content` field of the new post submission form is not properly sanitized, allowing users to include JS code in submitted post content.

Normally only users with the `unfiltered_html` capability are allowed to include JS code in post content. By default Administrators or Super Administrators have this capability, so this is considered a Persistent XSS vulnerability.

PoC
---

1. Submit the form inserting JS code to post content
2. View the newly created post
3. JS code is executed

Solution
--------

Upgrade to v20160215

Timeline
--------

1. **2016-02-10**: Vendor notified via contact form at his website
2. **2016-02-10**: Vendor responded and received details about the issue
3. **2016-02-14**: Vendor released version 20160215
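
The capability rule from the Description, as an added example: this is not the plugin's code or the vendor's fix. The `example_usp_*` function names, the `pending` status and the `init` hook are assumptions; the field name comes from the advisory and the WordPress functions called are core APIs.

```php
<?php
/**
 * Hypothetical handler for a front-end post submission form.
 * Filters the `user-submitted-content` field unless the submitting
 * user holds the `unfiltered_html` capability.
 */
function example_usp_sanitize_content( $raw ) {
    // WordPress adds slashes to $_POST values; strip them before filtering.
    $content = wp_unslash( $raw );

    // Only users with `unfiltered_html` may store arbitrary markup.
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $content;
    }

    // Everyone else (including anonymous visitors) gets the post-content
    // allow-list: <script> tags, event-handler attributes and
    // javascript: URLs are removed.
    return wp_kses_post( $content );
}

function example_usp_handle_submission() {
    if ( ! isset( $_POST['user-submitted-content'] ) ) {
        return 0;
    }

    $content = example_usp_sanitize_content( $_POST['user-submitted-content'] );

    // wp_insert_post() expects slashed data, so re-slash after filtering.
    $post_id = wp_insert_post( wp_slash( array(
        'post_content' => $content,
        'post_status'  => 'pending', // assumption: hold for moderation
        'post_type'    => 'post',
    ) ) );

    return is_wp_error( $post_id ) ? 0 : $post_id;
}
add_action( 'init', 'example_usp_handle_submission' );
```

`wp_kses_post()` removes disallowed tags but keeps their text content, so a filtered submission can still show the script source as inert text.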

