WordPress Plugin Social Share Buttons-Social Pug Cross-Site Scripting

2017-04-25T00:00:00
ID SSV:93046
Type seebug
Reporter Anonymous
Modified 2017-04-25T00:00:00

Description

Vulnerability

This plugin takes input from $_GET and writes it directly into HTML without escaping it. Anybody who can convince an admin user to click on a crafted link would therefore be able to execute script in the admin's browser in the context of that site and delete posts, add new admin users, etc.
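As an added illustration (not the plugin's own code; the function names, allowed classes and notice markup are assumptions), the unsafe pattern the description refers to and a hardened version that uses WordPress's own escaping helpers:

```php
<?php
// Added example, hypothetical reconstruction of an admin-page notice handler.
// Only the query parameter names come from the advisory; everything else is assumed.

// Vulnerable pattern: the value of dpsp_message_class lands inside a
// double-quoted class attribute verbatim, so a value beginning with  ">  closes
// the attribute and the tag and any markup that follows is rendered.
function dpsp_render_notice_vulnerable() {
    $class = isset( $_GET['dpsp_message_class'] ) ? $_GET['dpsp_message_class'] : 'updated';
    $id    = isset( $_GET['dpsp_message_id'] ) ? $_GET['dpsp_message_id'] : '0';
    return '<div class="' . $class . '" data-message-id="' . $id . '">Settings saved.</div>';
}

// Hardened pattern: allow-list the class against the notice classes the page
// actually uses, cast the id to a non-negative integer with absint(), and escape
// whatever still reaches an attribute with esc_attr().
function dpsp_render_notice_fixed() {
    $allowed = array( 'updated', 'error', 'notice-warning' ); // assumed set
    $class   = isset( $_GET['dpsp_message_class'] ) ? (string) wp_unslash( $_GET['dpsp_message_class'] ) : 'updated';
    if ( ! in_array( $class, $allowed, true ) ) {
        $class = 'updated'; // unknown or hostile value falls back to a safe default
    }
    $id = isset( $_GET['dpsp_message_id'] ) ? absint( $_GET['dpsp_message_id'] ) : 0;
    return '<div class="' . esc_attr( $class ) . '" data-message-id="' . esc_attr( $id ) . '">Settings saved.</div>';
}
```

With the hardened version, the proof-of-concept value below is rejected by the allow-list, and even a value that passed it would be attribute-encoded by esc_attr() rather than interpreted as markup.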

Proof of concept

Log in as an admin user on a site with this plugin activated, using a browser without reflected XSS prevention (e.g. Firefox). Visit this URL:

/wp-admin/admin.php?page=dpsp-toolkit&settings-updated=1&dpsp_message_id=0&dpsp_message_class=%22%3E%3Cscript%3Ealert(1)%3C/script%3E

Mitigation/further actions

Update to version 1.2.6 or later.