GigPress 2.1.10 WordPress Plugin - Stored XSS Vulnerability

2011-02-24T00:00:00
ID EDB-ID:16232
Type exploitdb
Reporter Saif El-Sherei
Modified 2011-02-24T00:00:00

Description

GigPress 2.1.10 Wordpress Plugin - Stored XSS Vulnerability. Webapps exploit for php platform

                                        
                                            # Exploit Title: GigPress 2.1.10 wordpress plugin Stored XSS
# Date: 21-2-2011
# Author: Saif El-Sherei
# Version: GigPress 2.1.10, WordPress 3.0.5
# Tested on: FireFox 3.6.13, IE 8
# Vendor Response: plugin Author released an update to fix this issue


Info:

GigPress is a powerful WordPress plugin designed for musicians and other
performers. Manage all of your upcoming and past performances right from
within the WordPress admin, and display them on your site using simple
shortcodes, PHP template tags, or the GigPress widget on your
WordPress-powered website.

Details:


The user must have "contributer" priv atleast or whatever role the admin
decides would be suitable for event submission, failure to sanitize the
"Notes" field in the "Add A Show" section under "GigPress" Dashboard allows
an attacker to inject malicious HTML code, attacking any user viewing the
page where the malicious show is posted.

POC:

<script>alert('w00t');</script>

Solution:

Upgrade to latest plug-in version