WordPress MailChimp 3.1.5 / 4.0.10 Cross Site Scripting

Published: 15 Dec 2016 00:00:00
Reported by: Tom Adams
Type: packetstorm
Source: packetstormsecurity.com

MailChimp for WordPress 3.1.5 / 4.0.10 XSS vulnerability

Details
================
Software: MailChimp for WordPress  
Version: 3.1.5,4.0.10  
Homepage: http://wordpress.org/plugins/mailchimp-for-wp/  
Advisory report: https://security.dxw.com/advisories/reflected-xss-in-mailchimp-for-wordpress-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/  
CVE: Awaiting assignment  
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)  
  
Description  
================  
Reflected XSS in MailChimp for WordPress could allow an attacker to do almost anything an admin user can  
  
Vulnerability  
================  
If an attacker can trick a logged-in admin user into visiting a particular URL, they can execute JavaScript in the user's browser, which can perform almost any action that the user can.
  
Proof of concept  
================  
Assuming you have the site running on http://localhost/ with the plugin activated, visit this URL in a browser without reflected XSS mitigation measures (i.e. Firefox):  
http://localhost/wp-admin/admin.php?page=mailchimp-for-wp-integrations&integration=%3Cscript%3Ealert%281%29%3C%2Fscript%3E  
  
Mitigations  
================  
Update to version 4.0.11 or later.
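The proof-of-concept URL above reflects the `integration` query parameter of the plugin's admin page straight into the HTML response. The following is an added example, not code from the dxw advisory or from the MailChimp for WordPress plugin: a small Python stand-in for that page, shown in the unsafe form and in a hardened form (allowlist of known slugs plus HTML encoding), together with a check that scans access-log lines for the request shape the PoC uses. The slug allowlist, the function names and the log lines are all constructed for the example; the real plugin's fix in 4.0.11 is not reproduced here.

```python
"""Added example (not the plugin's code): reflected parameter, unsafe vs.
hardened rendering, and a log check for the PoC request shape."""
from html import escape
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist of integration slugs the page could legitimately show.
KNOWN_INTEGRATIONS = {"contact-form-7", "woocommerce", "comment-form"}

# The admin page named in the advisory's proof of concept.
VULNERABLE_PAGE = "mailchimp-for-wp-integrations"


def render_unsafe(integration: str) -> str:
    """Vulnerable pattern: the raw query parameter lands in the HTML."""
    return f"<h2>Integration: {integration}</h2>"


def render_hardened(integration: str) -> str:
    """Fixed pattern: reject unknown slugs, then HTML-encode whatever is echoed.
    (In WordPress the equivalents would be sanitize_key() and esc_html().)"""
    if integration not in KNOWN_INTEGRATIONS:
        integration = "unknown"
    return f"<h2>Integration: {escape(integration, quote=True)}</h2>"


def integration_param(target: str) -> Optional[str]:
    """Return the percent-decoded `integration` value when the request target
    is the vulnerable admin page, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # decodes %XX and '+'
    if qs.get("page", [""])[0] != VULNERABLE_PAGE:
        return None
    values = qs.get("integration")
    return values[0] if values else None


def is_suspicious(integration: str) -> bool:
    """Flag values that are not a known slug and carry HTML metacharacters."""
    return integration not in KNOWN_INTEGRATIONS and any(
        c in integration for c in "<>\"'"
    )


def find_suspicious_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Scan combined-format access log lines; return (client_ip, decoded value)
    for requests matching the reflected-XSS shape."""
    hits = []
    for line in log_lines:
        try:
            request = line.split('"')[1]          # GET /path?query HTTP/1.1
            _method, target, _proto = request.split(" ", 2)
        except (IndexError, ValueError):
            continue                              # not a request line we parse
        value = integration_param(target)
        if value is not None and is_suspicious(value):
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (not real traffic); the second one carries the
# advisory's PoC payload, the others are benign.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Dec/2016:10:01:02 +0000] "GET /wp-admin/admin.php'
    '?page=mailchimp-for-wp-integrations&integration=woocommerce HTTP/1.1" 200 5120',
    '203.0.113.9 - - [15/Dec/2016:10:02:17 +0000] "GET /wp-admin/admin.php'
    '?page=mailchimp-for-wp-integrations&integration='
    '%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5210',
    '198.51.100.7 - - [15/Dec/2016:10:03:44 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    payload = "<script>alert(1)</script>"
    print("unsafe:  ", render_unsafe(payload))
    print("hardened:", render_hardened(payload))
    for ip, value in find_suspicious_requests(SAMPLE_LOG):
        print(f"suspicious request from {ip}: integration={value!r}")
```

The log check decodes the query string before inspecting it, which is what makes the percent-encoded PoC visible; a grep for a literal `<script>` against the raw log would miss it. The allowlist check in `render_hardened` is the part that removes the bug class rather than just this payload, with the encoding step as a second line of defence for any value that is echoed.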
  
Disclosure policy  
================  
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/  
  
Please contact us on [email protected] to acknowledge this report if you received it via a third party (for example, [email protected]) as they generally cannot communicate with us on your behalf.  
  
This vulnerability will be published if we do not receive a response to this report within 14 days.
  
Timeline  
================  
  
2016-03-23: Discovered  
2016-12-07: Reported to [email protected]
2016-12-07: Requested CVE  
2016-12-07: Vendor first replied  
2016-12-09: Vendor reported fixed in 4.0.11
2016-12-13: Advisory published  
  
  
  
Discovered by dxw:  
================  
Tom Adams  
Please visit security.dxw.com for more information.  