Title: Wordpress plugin Reflected XSS in connections v8.5.8 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-01-26 |
CVE-ID:[CVE-2016-0770] |
CWE: |
Download Site: https://wordpress.org/plugins/connections/ |
Vendor: https://profiles.wordpress.org/shazahm1hotmailcom/ |
Vendor Notified: 2016-01-28 |
Vendor Contact: |
Advisory: |
Description: An easy to use directory plugin to create an address book, business directory, staff directory or church directory. |
Vulnerability: Line 320 contains unfiltered user input for the search field being sent directly via echo back to the users browser via the ’s’ variable.
In file includes/admin/pages/manage.php
320: <input type="search" id="entry-search-input" name="s"
value="<?php if ( isset( $_GET['s'] ) && ! empty( $_GET['s'] ) ) echo
$_GET['s'] ; ?>" />
|
Export: JSON TEXT XML |
Exploit Code: |
Screen Shots: |
Notes: |
Larry W. Cashdollar
Larry Cashdollar
Larry W. Cashdollar vulnerability
Larry Cashdollar advisory