Vulners
Lucene search
WordPress PressForward 4.3.0 Cross Site Scripting Vulnerability
Advisory Title: WordPress PressForward Plugin Security Vulnerability
Software: WordPress PressForward plugin
Language: PHP
Version: 4.3.0 and below
Vendor Status: Vendor contacted
Release Date: 2017/08/07
Risk: Medium
1. General Overview
===================
During the security audit of PressForward plugin for WordPress CMS,
security vulnerability was discovered using DefenseCode ThunderScan
application source code security analysis platform.
More information about ThunderScan is available at URL:
http://www.defensecode.com
2. Software Overview
====================
According to the plugin developers, PressForward provides an editorial
workflow for content aggregation and curation within the WordPress
dashboard. It is designed for bloggers and editorial teams who wish to
collect, discuss, and share content from a variety of sources on the
open web.
It's users and partners include numerous universities, centers,
laboratories, colleges and various kinds of organizations.
Homepage:
https://wordpress.org/plugins/pressforward/
http://pressforward.org/
3. Vulnerability Description
============================
During the security analysis, ThunderScan discovered Cross-Site
Scripting vulnerability in PressForward WordPress plugin.
The Cross-Site Scripting vulnerability can enable the attacker to
construct the URL that contains malicious JavaScript code. If the
administrator of the site makes a request to such an URL, the
attacker's code will be executed, with unrestricted access to the
WordPress site in question. The attacker can entice the administrator
to visit the URL in various ways, including sending the URL by email,
posting it as a part of the comment on the vulnerable site or another
forum.
The vulnerability was tested using Apache web server.
3.1 Cross-Site Scripting
Vulnerable Function: echo
Vulnerable Variable: $_SERVER['PHP_SELF']
Vulnerable URL:
http://vulnerablesite.com/wp-admin/admin.php/%22%3E%3Cimg%20src=x%20onerror=alert(42)%3E/?page=pf-menu#ready
File: pressforward-master\Core\Admin\PFTemplater.php
---------
198 <form id="feeds-search" method="post" action="<?php echo
basename( $_SERVER['PHP_SELF'] ) . '?' . $_SERVER['QUERY_STRING'] .
'&action=post'; ?>">
---------
4. Solution
===========
Vendor should resolve the security issues in next release. All users
are strongly advised to update WordPress PressForward plugin to the
latest available version as soon as the vendor releases an update that
fixes the vulnerability.
5. Credits
==========
Discovered with DefenseCode ThunderScan source code security analyzer
by Neven Biruski.
6. Disclosure Timeline
======================
2017/05/31 Vendor contacted
2017/08/07 Advisory released to the public
# 0day.today [2018-04-10] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Aug 2017 00:00Current
0.1Low risk
Vulners AI Score0.1