Title: Reflected XSS in WordPress plugin wp-click-info v2.7.4 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/wp-click-info |
Downloads: 9063 |
Vendor Notified: 2016-02-09 |
Vendor Contact: plugins@wordpress.org |
Plugin Name: wp-click-info |
Vulnerability: There is a reflected XSS vulnerability in the following PHP code in ./wp-click-info/wp-click-info-filter.php:
8: <input name="d1" class="d" title="Day" value="<?php echo $_POST["d1"]; ?>" />.
9: <input name="m1" class="m" title="Month" value="<?php echo $_POST["m1"]; ?>" />.
10: <input name="y1" class="y" title="Year" value="<?php echo $_POST["y1"]; ?>" />
14: <input name="d2" class="d" title="Day" value="<?php echo $_POST["d2"]; ?>" />.
15: <input name="m2" class="m" title="Month" value="<?php echo $_POST["m2"]; ?>" />.
16: <input name="y2" class="y" title="Year" value="<?php echo $_POST["y2"]; ?>" />
20: <input name="txt_filter" id="txt_filter" class="" title="Comma-separated Keywords to force item inclusion." value="<?php echo $_POST["txt_filter"]; ?>" />
24: <input name="txt_filter2" id="txt_filter2" class="" title="Comma-separated Keywords to force item exclusion." value="<?php echo $_POST["txt_filter2"]; ?>" />
28: <input name="limit" id="limit" class="" title="" value="<?php echo $_POST["limit"]; ?>" />
The variable d1 appears to send unsanitized data from the POST request back to the user's browser.
|
CVE-ID: Not Released |
File: ./wp-click-info/wp-click-info-filter.php |
Exploit Code: The exploit was derived from the first vulnerable parameter to appear in the code; there could be more among those shown above.
|
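One way to harden the fields listed above, as an added example that is not the plugin's code or a vendor patch: numeric fields are validated as integers and free-text fields are attribute-escaped before being echoed. The helper names, the `$post` sample array and the numeric ranges are assumptions made for illustration; `esc_attr()` is WordPress's attribute-escaping function.

```php
<?php
// Added example: helper names cf_attr() and cf_int_field() are hypothetical.

// Escape a value for a double-quoted HTML attribute. Inside WordPress use
// esc_attr(); the htmlspecialchars() fallback lets this file run stand-alone.
function cf_attr($value): string {
    $value = is_scalar($value) ? (string) $value : '';
    if (function_exists('esc_attr')) {
        return esc_attr($value);
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Day, month, year and limit are numeric: accept digits in range, else ''.
// The ranges passed in below are assumed, not taken from the plugin.
function cf_int_field(array $src, string $key, int $min, int $max): string {
    $raw = $src[$key] ?? '';
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 4) {
        return '';
    }
    $n = (int) $raw;
    return ($n >= $min && $n <= $max) ? (string) $n : '';
}

// Constructed sample input standing in for $_POST.
$post = [
    'd1'         => '9" data-injected="1', // would close value="..." if echoed raw
    'm1'         => '02',
    'y1'         => '2016',
    'txt_filter' => 'news,"quoted" <b>term</b>',
    'limit'      => '50',
];
?>
<input name="d1" class="d" title="Day" value="<?php echo cf_int_field($post, 'd1', 1, 31); ?>" />.
<input name="m1" class="m" title="Month" value="<?php echo cf_int_field($post, 'm1', 1, 12); ?>" />.
<input name="y1" class="y" title="Year" value="<?php echo cf_int_field($post, 'y1', 1970, 2100); ?>" />
<input name="txt_filter" id="txt_filter" value="<?php echo cf_attr($post['txt_filter'] ?? ''); ?>" />
<input name="limit" id="limit" value="<?php echo cf_int_field($post, 'limit', 1, 1000); ?>" />
```

Run with the PHP CLI, the constructed `d1` value is rejected and rendered as an empty attribute, while the quotes and angle brackets in `txt_filter` come out as HTML entities and stay inside the `value` attribute.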