Title: Reflected XSS in wordpress plugin wp2yt-uploader v2.0.4.5 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/wp2yt-uploader |
Downloads: 80502 |
Vendor Notified: 2016-02-09 |
Export: Json |
Vendor Contact: plugins@wordpress.org |
Plugin Name: wp2yt-uploader |
Vulnerability: There is a reflected XSS vulnerability in the following php code ./wp2yt-uploader/inc/upload_content.php:
309: <input type="text" id="video-title" name="video-title" placeholder="Enter Search Term" <?php if ( isset($_GET['video-title']) ) { ?> value="<?php echo $_GET['video-title']; ?> " <?php } ?> required>
313: <textarea id="video-details" name="video-details" placeholder="Video Details" <?php if ( isset($_GET['video-details']) ) { ?> value="<?php echo $_GET['video-details']; ?> " <?php } ?>><?php if ( isset($_GET['video-details']) ) { echo $_GET['video-details']; } ?></textarea>
The variable video-title appears to send unsanitized data back to the users browser.
|
CVE-ID: Not Released |
File:./wp2yt-uploader/inc/upload_content.php |
Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|