Title: Reflected XSS in wordpress plugin nemus-slider v1.2.3 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/nemus-slider |
Downloads: 9285 |
Vendor Notified: 2016-02-09 |
Export: Json |
Vendor Contact: plugins@wordpress.org |
Plugin Name: nemus-slider |
Vulnerability: There is a reflected XSS vulnerability in the following php code ./nemus-slider/nemus-slider-preview.php:
35: <h1><em>#<?php echo $_GET["id"]; ?></em><?php echo get_the_title($_GET["id"]); ?></h1>
39: <p><?php _e("This is just a preview of your awesome slider. Use the following shortcode to insert it to any page:", "nemus_slider") ?> <br/><input type="text" value="[nemus_slider id="<?php echo $_GET["id"]; ?>"]" readonly="true" /></p>
The variable id appears to send unsanitized data back to the users browser.
|
CVE-ID: Not Released |
File:./nemus-slider/nemus-slider-preview.php |
Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|