Title: Reflected XSS in wordpress plugin edik-enhanced-image-editor v0.1.2 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/edik-enhanced-image-editor |
Downloads: 7067 |
Vendor Notified: 2016-02-09 |
Export: Json |
Vendor Contact: plugins@wordpress.org |
Plugin Name: edik-enhanced-image-editor |
Vulnerability: There is a reflected XSS vulnerability in the following php code ./edik-enhanced-image-editor/edik.php:
165: $('<input type="button" value="Extended image edit" class="button edik-wp-extended-edit" data-src="<?php echo get_site_url(); ?>/wp-admin/admin-ajax.php?action=edik_get_editor_content&image=<?php echo $_GET["post"]; ?>">').insertAfter(standard_btn);
The variable post appears to send unsanitized data back to the users browser.
|
CVE-ID: Not Released |
File:./edik-enhanced-image-editor/edik.php |
Exploit Code: Exploit was derived from appearance of first vulnerable parameter in code, there could be more shown above.
|