Lucene search
+L

WordPress Pie Register 2.0.18 Cross Site Scripting

🗓️ 12 Oct 2015 00:00:00Reported by David MooreType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 58 Views

WordPress Pie Register 2.0.18 XSS vulnerability

Related
Code
ReporterTitlePublishedViews
Family
0day.today
WordPress Pie Register 2.0.18 Cross Site Scripting / SQL Injection Vulnerabilities
13 Oct 201500:00
zdt
Circl
CVE-2015-7377
9 Oct 202412:19
circl
CNVD
WordPress Pie Register Plugin Cross-Site Scripting Vulnerability
13 Oct 201500:00
cnvd
CVE
CVE-2015-7377
16 Oct 201520:00
cve
Cvelist
CVE-2015-7377
16 Oct 201520:00
cvelist
EUVD
EUVD-2015-7301
7 Oct 202500:30
euvd
Nuclei
WordPress Pie-Register <2.0.19 - Cross-Site Scripting
18 Jul 202608:12
nuclei
NVD
CVE-2015-7377
16 Oct 201520:59
nvd
OpenVAS
WordPress Pie Register Cross-Site Scripting Vulnerability
20 Oct 201500:00
openvas
Patchstack
WordPress Pie Register Plugin <= 2.0.18 - XSS
25 Sep 201500:00
patchstack
Rows per page
`  
Details  
================  
Software: Pie Register  
Version: 2.0.18  
Homepage: https://github.com/GTSolutions/Pie-Register  
CVE: CVE-2015-7377 (Pending)  
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)  
CWE: CWE-79  
  
Description  
================  
An unauthenticated reflected XSS vulnerability in Pie Register 2.0.18 allows malicious script injection via the invitaion_code parameter. Pie Register is a WordPress plugin with over 10,000 active installs.  
  
Vulnerability  
================  
The vulnerability is due to the unsanitized GET parameter invitaion_code:  
  
From: pie-register/pie-register.php:  
647: $inv_code = base64_decode($_GET['invitaion_code']);  
. . .  
662: <h2><?php _e("Activation Code","piereg");echo " : ".$inv_code; ?></h2>  
  
Proof of concept  
================  
The payload is Base64 encoded.  
  
http://localhost/wordpress/?page=pie-register&show_dash_widget=1&invitaion_code=PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==  
  
Tested on Firefox 41.0 and Chrome 45.0.2454.85.  
  
Remediation  
================  
Upgrade the plugin to version 2.0.19.  
  
Timeline  
================  
2015-09-23: Discovered  
2015-09-24: Contacted vendor via website support form  
2015-08-24: Requested CVE  
2015-09-28: Vendor supplied security contact email  
2015-09-30: Report sent to vendor and wordpress.org  
2015-10-02: Vendor releases version 2.0.19 on Github - confirmed fixed  
2015-10-12: Public Disclosure  
  
References  
================  
[1] http://codex.wordpress.org/Data_Validation  
  
Discovered by  
================  
David Moore @grajagandev  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation