Title: Reflected XSS in wordpress plugin kkprogressbar v1.1.4.2 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2016-02-09 |
Download Site: https://wordpress.org/plugins/kkprogressbar |
Downloads: 6114 |
Vendor Notified: 2016-02-09 |
Vendor Contact: plugins@wordpress.org |
Plugin Name: kkprogressbar |
Vulnerability: There is a reflected XSS vulnerability in the following PHP code in ./kkprogressbar/admin-interface.php:
91: <div class="kkpb-alert kkpb-alert-ok"><?php echo __('Task','lang-kkprogressbar'); ?> <strong><?php echo $_POST['kkpb-input-name'][$i]; ?></strong> <?php echo __('saved correctly','lang-kkprogressbar'); ?>.</div>
95: <div class="kkpb-alert kkpb-alert-error"><?php echo __('Task','lang-kkprogressbar'); ?> <strong><?php echo $_POST['kkpb-input-name'][$i]; ?></strong> <?php echo __('not saved. In the free version you can add two tasks for each project. Feel free to purchase the professional version.','lang-kkprogressbar'); ?>.</div>
99: <div class="kkpb-alert kkpb-alert-error"><?php echo __('Task','lang-kkprogressbar'); ?> <strong><?php echo $_POST['kkpb-input-name'][$i]; ?></strong> <?php echo __('not saved. Please contact the plugin author','lang-kkprogressbar'); ?>.</div>
The POST parameter kkpb-input-name appears to be echoed back to the user's browser unsanitized: the value is written into the page body without any output encoding. |
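The following is an added example, not code from the plugin or from the advisory author: it rebuilds the line-91 alert with the task name HTML-encoded before it reaches the page. In a WordPress plugin the idiomatic call is esc_html(); the shim below only stands in for it so the snippet runs under the plain php CLI. The helper names kkpb_task_name_from_request and kkpb_render_saved_alert and the sample value are assumptions made for the example.

```php
<?php
// Added example (not kkprogressbar code): output-encode the kkpb-input-name
// value before echoing it, instead of printing $_POST[...] raw as on line 91.

if (!function_exists('esc_html')) {
    // Stand-in for the WordPress esc_html() when WordPress is not loaded.
    // Encodes <, >, &, " and ' for an HTML text context.
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Reads kkpb-input-name[$i] defensively: the request field is an array, and a
// crafted request may omit the index or send a nested array instead of a string.
// Anything but a string yields an empty name rather than a warning or "Array".
function kkpb_task_name_from_request(array $post, int $i): string {
    $names = $post['kkpb-input-name'] ?? null;
    if (!is_array($names) || !isset($names[$i]) || !is_string($names[$i])) {
        return '';
    }
    return $names[$i];
}

// Hardened version of the line-91 alert: the task name is encoded, so markup
// characters in it are rendered as text by the browser.
function kkpb_render_saved_alert(string $name): string {
    return '<div class="kkpb-alert kkpb-alert-ok">Task <strong>'
        . esc_html($name)
        . '</strong> saved correctly.</div>';
}

// Constructed sample request standing in for a POST to the admin page.
$sample_post = ['kkpb-input-name' => ['<b onmouseover=alert(1)>task</b>']];
$name = kkpb_task_name_from_request($sample_post, 0);

// Vulnerable form, as in the advisory: the raw value lands in the page.
$vulnerable = '<div class="kkpb-alert kkpb-alert-ok">Task <strong>' . $name . '</strong> saved correctly.</div>';
// Hardened form: same alert, name encoded.
$hardened = kkpb_render_saved_alert($name);

echo "vulnerable: $vulnerable\n";
echo "hardened:   $hardened\n";

// The type check above also covers a nested-array value, which would otherwise
// reach htmlspecialchars() as a non-string.
$nested_post = ['kkpb-input-name' => [['x' => 'y']]];
echo "nested:     '" . kkpb_task_name_from_request($nested_post, 0) . "'\n";
```

The encoding belongs at the point of output, in the echo, rather than on the stored value: the same task name may later be placed in an attribute or in JavaScript, where a different escaping function (esc_attr(), esc_js()) is the right one.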
CVE-ID: Not Released |
File: ./kkprogressbar/admin-interface.php |
Exploit Code: The exploit was derived from the first occurrence of the vulnerable parameter in the code; there could be more than those shown above. |