Title: Reflected XSS in wordpress plugin dc-woocommerce-multi-vendor v2.3.3 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/dc-woocommerce-multi-vendor |
Downloads: 10292 |
Vendor Notified: 2016-02-09 |
Export: Json |
Vendor Contact: plugins@wordpress.org |
Plugin Name: dc-woocommerce-multi-vendor |
Vulnerability: There is a reflected XSS vulnerability in the following php code ./dc-woocommerce-multi-vendor/templates/shortcode/vendor_transactions.php:
34: <div class="wcmp_mixed_txt some_line"> <span><?php _e( ' Showing stats and reports for :', $WCMp->text_domain );?> </span><?php echo $_GET['from_date'] .'-'. $_GET['to_date']; ?>
46: <input id="wcmp_from_date" name="from_date" class="pickdate gap1" placeholder="From" value ="<?php echo $_GET['from_date']; ?>"/>
47: <input id="wcmp_to_date" name="to_date" class="pickdate" placeholder="To" value ="<?php echo $_GET['to_date'];?>"/>
74: <input type="hidden" id="export_transaction_start_date" name="from_date" value="<?php echo $_GET['from_date'];?>" /><input id="export_transaction_end_date" type="hidden" name="to_date" value="<?php echo $_GET['to_date'];?>" />
The variable from_date appears to send unsanitized data back to the users browser.
|
CVE-ID: Not Released |
File:./dc-woocommerce-multi-vendor/templates/shortcode/vendor_transactions.php |
Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|