Title: Reflected XSS in WordPress plugin wp-widget-bundle v1.0.0 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/wp-widget-bundle |
Downloads: 1739 |
Vendor Notified: 2016-02-09 |
Vendor Contact: plugins@wordpress.org |
Plugin Name: wp-widget-bundle |
Vulnerability: There is a reflected XSS vulnerability in the following PHP code in ./wp-widget-bundle/include/forms/wpwb-link-form.php:
29: <td><input type="text" name="wpwb_title" class="wpaw-regular-text" id="wpwb_title" value="<?php echo $_POST['wpwb_title']; ?>" />
117: <td><input type="text" name="wpwb_data[link][link_display_nol]" id="category_title" class="wpaw-regular-text" value="<?php echo $_POST['wpwb_data']['link']['link_display_nol']; ?>" />
The variable wpwb_title appears to send unsanitized data back to the user's browser via a POST request.
|
CVE-ID: Not Released |
File: ./wp-widget-bundle/include/forms/wpwb-link-form.php |
Exploit Code: The exploit was derived from the appearance of the first vulnerable parameter in the code; there could be more, as shown above.
|
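An added example (not the plugin's code and not a vendor fix) of one way to escape the two echoed values from lines 29 and 117 for the HTML attribute context. The helper name wpwb_field() and the sample input are assumptions made for illustration; it uses PHP's htmlspecialchars() so that it runs outside WordPress.

```php
<?php
// Added example, not the plugin's code. wpwb_field() is a hypothetical helper.

/**
 * Fetch a possibly nested request value and escape it for use inside a
 * double-quoted HTML attribute. Missing keys and non-scalar values
 * (for example a request that sends wpwb_title[]=x) yield an empty string
 * instead of a notice or the literal text "Array".
 */
function wpwb_field(array $source, array $path): string
{
    $value = $source;
    foreach ($path as $key) {
        if (!is_array($value) || !array_key_exists($key, $value)) {
            return '';
        }
        $value = $value[$key];
    }
    if (!is_scalar($value)) {
        return '';
    }
    // Inside WordPress, esc_attr( wp_unslash( $value ) ) is the usual choice;
    // htmlspecialchars() is used here so the example runs stand-alone.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_POST.
$post = [
    'wpwb_title' => 'News "><em>constructed</em>',
    'wpwb_data'  => ['link' => ['link_display_nol' => '10" data-constructed="1']],
];
?>
<td><input type="text" name="wpwb_title" class="wpaw-regular-text" id="wpwb_title" value="<?php echo wpwb_field($post, ['wpwb_title']); ?>" /></td>
<td><input type="text" name="wpwb_data[link][link_display_nol]" id="category_title" class="wpaw-regular-text" value="<?php echo wpwb_field($post, ['wpwb_data', 'link', 'link_display_nol']); ?>" /></td>
```

With the constructed input, the quote and angle-bracket characters are emitted as entities, so the submitted text stays inside the value attribute.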