WordPress Altos Connect Widget 1.3.0 Cross Site Scripting

Type packetstorm
Reporter Morten Nortoft
Modified 2015-07-30T00:00:00


Title: WordPress 'Altos Connect Widget' Plugin  
Version: 1.3.0  
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej  
Date: 2015-06-15  
- https://wordpress.org/plugins/altos-connect/  
- https://plugins.svn.wordpress.org/altos-connect/  
Notified WordPress: 2015-06-21  
## Plugin description  
Description: Altos Connect registration widget for WordPress®. The Altos Connect plugin can be us  
## XSS vulnerability  
The plugin ships the jquery-validate library together with that library's demo pages, and the demo pages are not removed when the plugin is installed. One of them, a captcha demo page, prints `$_SERVER['PHP_SELF']` into its HTML without any escaping. PHP_SELF is derived from the request path, including any extra path info appended after the script name, so a crafted direct link to the demo file can carry markup that is reflected into the page: a reflected cross-site scripting issue. The page is reachable by anyone who can guess or find its path under the plugin directory; no authentication is needed.  
The upstream jquery-validate project appears to have fixed this in its newest release, but the copy bundled with this plugin has not been updated.  
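The following POSIX shell script is an added example, not part of the original advisory and not code from the plugin or the jquery-validate project. It performs the two checks a site owner would want after reading the paragraph above: it lists PHP files under a plugin tree that output `$_SERVER['PHP_SELF']` directly (via echo, print or `<?=`), and it lists bundled demo or test directories that are reachable over HTTP even though nothing uses them. The sample tree it builds (the `sample-plugin` directory and the file names in it) is constructed for the demonstration and does not reflect the real layout of Altos Connect; the second sample file shows the usual fix, passing the value through htmlspecialchars() with ENT_QUOTES.

```shell
#!/bin/sh
# Added example (not the plugin's code): audit a WordPress plugin tree for
# unescaped $_SERVER['PHP_SELF'] output and for bundled demo/test directories.

# Build a constructed sample tree. Paths are hypothetical and do not reflect
# the real Altos Connect layout; they only exercise the checks below.
setup_sample() {
  base="$1"
  mkdir -p "$base/sample-plugin/js/jquery-validate/demo/captcha" \
           "$base/sample-plugin/inc"
  # Vulnerable: PHP_SELF reflected into an attribute with no escaping.
  cat > "$base/sample-plugin/js/jquery-validate/demo/captcha/index.php" <<'EOF'
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
EOF
  # Hardened: same value passed through htmlspecialchars() with ENT_QUOTES,
  # so a quote or angle bracket in the request path cannot break out of the
  # attribute.
  cat > "$base/sample-plugin/inc/form.php" <<'EOF'
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
EOF
}

# List PHP files that output PHP_SELF directly via echo, print or <?= .
# A file that wraps the value in htmlspecialchars() first does not match,
# because the superglobal is then not the direct argument of echo/print.
find_unsafe_php_self() {
  grep -rlE --include='*.php' \
    '(echo|print|<\?=)[[:space:]]*\$_SERVER\[.PHP_SELF.\]' "$1" 2>/dev/null
}

# List directories that look like shipped demos or test suites. Under
# wp-content/plugins these are served as-is, so leftover demo pages are
# reachable by direct link.
list_demo_dirs() {
  find "$1" -type d \( -iname 'demo' -o -iname 'demos' \
                       -o -iname 'test' -o -iname 'tests' \)
}

# Usage: sh audit-php-self.sh /var/www/html/wp-content/plugins
if [ $# -gt 0 ]; then
  echo "== unescaped PHP_SELF output =="
  find_unsafe_php_self "$1"
  echo "== bundled demo/test directories =="
  list_demo_dirs "$1"
fi
```

The grep pattern is deliberately narrow (a direct echo/print of the superglobal); it will miss cases where PHP_SELF is first copied into a variable, so treat a clean result as a prompt for a closer look rather than a clean bill of health. Any directory reported by the second check that the plugin does not need at runtime can simply be deleted.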
## Solution  
No fix available from the plugin author. Since the affected file is a demo page bundled with the jquery-validate library rather than part of the widget itself, deleting the bundled demo directory from the installed plugin removes the reachable file.  
Vulnerability found using Eir, an early-stage static vulnerability scanner for PHP applications.