| Title: Reflected XSS in wordpress plugin betteroptin v1.2.4 |
| Author: Larry W. Cashdollar, @_larry0 |
| Date: 2016-02-09 |
| Download Site: https://wordpress.org/plugins/betteroptin |
| Downloads: 3250 |
| Vendor Notified: 2016-02-09 |
| Export: Json |
| Vendor Contact: plugins@wordpress.org |
| Plugin Name: betteroptin |
| Vulnerability: There is a reflected XSS vulnerability in the following php code ./betteroptin/vendor/gambitph/titan-framework/iframe-font-preview.php:
99: font-family: <?php echo $_GET['font-family'] ?>;
100: color: <?php echo $_GET['color'] ?>;
101: font-size: <?php echo $_GET['font-size'] ?>;
102: font-weight: <?php echo $_GET['font-weight'] ?>;
103: font-style: <?php echo $_GET['font-style'] ?>;
104: line-height: <?php echo $_GET['line-height'] ?>;
105: letter-spacing: <?php echo $_GET['letter-spacing'] ?>;
106: text-transform: <?php echo $_GET['text-transform'] ?>;
107: font-variant: <?php echo $_GET['font-variant'] ?>;
141: <body class='<?php echo $_GET['dark'] ?>'>
The variable font-family appears to send unsanitized data back to the users browser.
|
| CVE-ID: Not Released |
| File:./betteroptin/vendor/gambitph/titan-framework/iframe-font-preview.php |
| Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|