Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress Max Banner Ads 1.9 Cross Site Scripting

🗓️ 04 Mar 2015 00:00:00Reported by Jing WangType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 38 Views

WordPress "Max Banner Ads" Plugin XSS vulnerabilitie

Code
`*WordPress "Max Banner Ads" Plug-in XSS (Cross-site Scripting) Security  
Vulnerabilities*  
  
  
Exploit Title: Wordpress "Max Banner Ads" Plugin /info.php &zone_id  
Parameter XSS Security Vulnerabilities  
Product: Wordpress "Max Banner Ads" Plugin  
Vendor: MaxBlogPress  
Vulnerable Versions: 1.9 1.8 1.4 1.3.* 1.2.* 1.1 1.09  
Tested Version: Check All Related Versions' Source Code  
Advisory Publication: Mar 04, 2015  
Latest Update: Mar 04, 2015  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
CVE Reference: *  
Credit: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]  
  
  
  
  
  
  
  
*Advisory Details:*  
  
  
*(1) Vendor & Product Description:*  
  
  
*Vendor:*  
MaxBlogPress  
  
  
*Product & Version:*  
Wordpress "Max Banner Ads" Plugin  
1.9 1.8 1.4 1.3.7 1.3.6 1.3.5 1.3.4 1.3.3 1.3.2 1.3.1  
1.3  
1.2.7 1.2.6 1.2.5 1.2 1.1 1.09  
  
  
  
*Vendor URL & Download:*  
Wordpress "Max Banner Ads" Plugin can be downloaded from here,  
http://www.maxblogpress.com/plugins/  
  
  
*Product Introduction:*  
"Easily add and rotate banners in your wordpress blog anywhere you like  
without editing any themes or touching any codes"  
  
  
  
  
  
*(2) Vulnerability Details:*  
Wordpress "Max Banner Ads" Plugin has a web application security bug  
problem. It can be exploited by XSS (Cross-site Scripting) attacks.  
  
  
*(2.1) *The vulnerability occurs at "info.php?" page with "zone_id"  
parameter.  
  
  
  
  
  
  
  
*References:*  
http://tetraph.com/security/xss-vulnerability/wordpress-max-banner-ads-plug-in-xss-cross-site-scripting-security-vulnerabilities/  
http://securityrelated.blogspot.com/2015/03/wordpress-max-banner-ads-plug-in-xss.html  
http://www.inzeed.com/kaleidoscope/computer-web-security/wordpress-max-banner-ads-plug-in-xss-cross-site-scripting-security-vulnerabilities/  
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/wordpress-max-banner-ads-plug-in-xss-cross-site-scripting-security-vulnerabilities/  
https://itinfotechnology.wordpress.com/2015/03/04/wordpress-max-banner-ads-plug-in-xss-cross-site-scripting-security-vulnerabilities/  
http://lists.kde.org/?a=139222176300014&r=1&w=2  
  
  
  
  
  
  
  
--  
Wang Jing,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
https://plus.google.com/u/0/+JingWang-tetraph-justqdjing/posts  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Mar 2015 00:00Current
7.4High risk
Vulners AI Score7.4
wordpressmaxbanneradscrosssitescriptingvulnerabilitiesmaxblogpressversion1.9security advisory
38