Title: Reflected XSS in wordpress plugin bestsmallshoplite |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/bestsmallshoplite |
Downloads: 4468 |
Vendor Notified: 2016-02-09 |
Export: Json |
Vendor Contact: plugins@wordpress.org |
Plugin Name: bestsmallshoplite |
Vulnerability: There is a reflected XSS vulnerability in the following php code ./bestsmallshoplite/checkout.php:
7:<strong><?php echo $_POST['first_name']; ?>, thank you for the information this means your order can now be processed.</strong>
9:<p>We have just sent you an e-mail to <?php echo $_POST['email']; ?> confirming your order. If you have any questions please contact us a quote your order reference <strong><?php echo substr($_SESSION['BSS'],0,10); ?>.</strong>
The variable first_name appears to send unsanitized data back to the users browser via POST request.
|
CVE-ID: Not Released |
File:./bestsmallshoplite/checkout.php |
Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|