WordPress ADPlugg 1.1.33 Cross Site Scripting

26 February 2015 - Source: http://www.mondounix.com
=====================================================
Stored XSS Vulnerability in ADPlugg WordPress Plugin
=====================================================
 
.. contents:: Table of Contents
 
Overview
========
 
* Title: Stored XSS Vulnerability in ADPlugg WordPress Plugin
* Author: Kaustubh G. Padwad
* Plugin Homepage: https://wordpress.org/plugins/adplugg/
* Severity: Medium
* Version Affected: 1.1.33 and most prior versions
* Version Tested: 1.1.33
* Version Patched: 1.1.34
 
Description
===========
 
Vulnerable Parameter
--------------------
 
*  Access Code
 
About Vulnerability
-------------------
This plugin is vulnerable to a stored cross-site scripting vulnerability. This...

WordPress WooCommerce 2.2.10 Cross Site Scripting

26 February 2015 - Source: http://www.mondounix.com
====================================================
Product: WooCommerce WordPress plugin
Vendor: WooThemes
Tested Version: 2.2.10
Vulnerability Type: Cross-Site Scripting [CWE-79]
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solved in version 2.2.11
Discovered and Provided: Eric Flokstra - ITsec Security Services
====================================================
[-] About the Vendor:
 
WooCommerce is a popular open source WordPress e-commerce plugin with
around 6.2 million downloads. It is built by WooThemes and designed for
small to large-sized online merchants.
 
[-] Advisory Details:
 
The WooCommerce plugin gives users the ability to see their store's
performance...

WordPress Google Doc Embedder 2.5.18 Cross Site Scripting

18 February 2015 - Source: http://www.mondounix.com
Title: WordPress 'Google Doc Embedder' plugin - XSS
Version: 2.5.18
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/google-document-embedder/
Contacted WordPress: 2015/01/26
==========================================================
 
## Description: 
==========================================================
Lets you embed PDF, MS Office, and many other file types in a web page using the free Google Docs Viewer (no Flash or PDF browser plug-ins required). 
 
 
## XSS:
==========================================================
By tricking a logged in admin into visiting a crafted page, it is possible to perform an XSS attack through the 'profile' parameter.
 
PoC:
Log...

WordPress Spider Facebook 1.0.10 Cross Site Scripting

18 February 2015 - Source: http://www.mondounix.com
Title: WordPress 'WordPress Facebook' plugin - XSS
Version: 1.0.10
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/spider-facebook/
Contacted WordPress: 2015/01/26
==========================================================
 
## Description: 
==========================================================
Spider Facebook is a WordPress integration tool for Facebook. It includes all the available Facebook social plugins and widgets to be added to your web
 
## XSS:
==========================================================
Some parameters are shown unsanitized, making XSS possible.
 
PoC:
Log in as admin and submit one of the following forms:
<form method="POST"...

WordPress Redirection Page 1.2 CSRF / XSS

18 February 2015 - Source: http://www.mondounix.com
Title: WordPress 'Redirection Page' CSRF/XSS
Version: 1.2
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015-01-26
Download: https://wordpress.org/plugins/redirection-page/
Contacted WordPress: 2015-01-26
==========================================================
 
## Plugin description: 
==========================================================
Redirect your specified pages; it is useful when you have 404/not-found pages. Go to the Settings page to start redirection.
 
## CSRF:
==========================================================
It is possible to change the plugin's redirect settings by tricking a logged-in admin into visiting a crafted page.
 
 
## Stored XSS:
==========================================================
Redirect...

WordPress Cross Slide 2.0.5 Cross Site Request Forgery / Cross Site Scripting

18 February 2015 - Source: http://www.mondounix.com
Title: WordPress 'Cross Slide' plugin - XSS/CSRF
Version: 2.0.5
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/crossslide-jquery-plugin-for-wordpress/
Contacted WordPress: 2015/01/26
==========================================================
 
## Plugin description: 
==========================================================
The CrossSlide jQuery plugin for WordPress is designed to quickly add the JS and CSS requirements to operate the jQuery slideshow. 
 
## CSRF:
==========================================================
It is possible to change the plugin's admin settings by tricking a logged-in admin into visiting a crafted page.
 
 
## Stored XSS:
==========================================================
Settings...

WordPress Mobile Domain 1.5.2 Cross Site Request Forgery / Cross Site Scripting

18 February 2015 - Source: http://www.mondounix.com
Title: WordPress 'Mobile Domain' CSRF/XSS
Version: 1.5.2
Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej
Date: 2015/01/26
Download: https://wordpress.org/plugins/mobile-domain/
Contacted WordPress: 2015/01/26
==========================================================
 
## Description: 
==========================================================
Redirect WordPress blog from desktop domain to mobile subdomain and create Mobile XML Sitemap. 
 
## CSRF:
==========================================================
It is possible to change the plugin's admin settings by tricking a logged-in admin into visiting a crafted page.
 
 
## Stored XSS:
==========================================================
Settings data...

WordPress Geo Mashup 1.8.2 Cross Site Scripting

6 February 2015 - Source: http://www.mondounix.com
Vulnerability title: WordPress Geo Mashup plugin XSS
Author: Paolo Perego
CVE: CVE-2015-1383
Affected versions: <= 1.8.2
Fixed version: 1.8.3 (January, 11 2015)
Product link: https://wordpress.org/plugins/geo-mashup/
 
Description
Geo Mashup is a WordPress plugin designed to let you save location
information with posts, pages, and other WordPress objects. This
information can then be presented on interactive maps in many ways.
Plugin versions before 1.8.3 suffer from a cross-site scripting
vulnerability when displaying search results. The search key was not
properly sanitized, so an attacker could inject arbitrary
JavaScript code.
 
Fix
Users can use the upgrade functionality provided by the WordPress backend to upgrade
WordPress...

WordPress Photo Gallery 1.2.8 Cross Site Scripting

6 February 2015 - Source: http://www.mondounix.com
[CVE-2015-1394] Photo Gallery (WordPress Plugin) - Multiple XSS Vulnerabilities in Version 1.2.8
 
----------------------------------------------------------------
 
Product Information:
 
Software: Photo Gallery (WordPress Plugin)
Tested Version: 1.2.8, released on 15.01.2015, with over half a million downloads.
Vulnerability Type: Cross-site Scripting (CWE-79)
Download link to tested version: https://downloads.wordpress.org/plugin/photo-gallery.1.2.8.zip 
Description: Photo Gallery is an advanced plugin with a list of tools and options for adding and editing images for different views. It is fully responsive. The product includes a plugin for adding image galleries and albums to posts and pages, as well as multiple widgets....

WordPress Photo Gallery 1.2.8 SQL Injection

6 February 2015 - Source: http://www.mondounix.com
[CVE-2015-1393] Photo Gallery (WordPress Plugin) - SQL Injection in Version 1.2.8
 
----------------------------------------------------------------
 
Product Information:
 
Software: Photo Gallery (WordPress Plugin)
Tested Version: 1.2.8, released on 15.01.2015, with over half a million downloads.
Vulnerability Type: SQL Injection (CWE-89)
Download link to tested version: https://downloads.wordpress.org/plugin/photo-gallery.1.2.8.zip 
Description: Photo Gallery is an advanced plugin with a list of tools and options for adding and editing images for different views. It is fully responsive. The product includes a plugin for adding image galleries and albums to posts and pages, as well as multiple widgets. You can add images,...
