WordPress Advertisement Management 1.0 Cross Site Scripting

31 August 2015 - Source: http://www.mondounix.com
Title: WordPress 'Advertisement Management' Plugin 
Version: 1.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-16
Download: 
- https://wordpress.org/plugins/advertisement-management/
- https://plugins.svn.wordpress.org/advertisement-management/
Notified WordPress: 2015-06-21
==========================================================
 
## Plugin description
==========================================================
Advertisement Management lets you administer all the blog advertisements directly from the blog backend.
 
## XSS/CSRF vulnerabilities
==========================================================
The settings on the admin page are vulnerable to XSS.
 
PoC:
Log in as admin and...

WordPress arcResBookingWidget 1.0 Cross Site Scripting

31 August 2015 - Source: http://www.mondounix.com
Title: WordPress 'arcResBookingWidget' Plugin 
Version: 1.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-16
Download: 
- https://wordpress.org/plugins/arcres-booking-engine/
- https://plugins.svn.wordpress.org/arcres-booking-engine/
Notified Vendor/WordPress: 2015-06-21
==========================================================
 
## Plugin description
==========================================================
Embeds the arcRes Booking Widget on a travel supplier website and ensures it is displayed for all arcRes-driven referrals.
 
## XSS/CSRF vulnerability
==========================================================
The iconmap admin setting is vulnerable to stored XSS and can be set using CSRF.
 
PoC:
Login...

WordPress Content Grabber 1.0 Cross Site Scripting

31 August 2015 - Source: http://www.mondounix.com
Title: WordPress 'Content Grabber' Plugin 
Version: 1.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-14
Download: 
- https://wordpress.org/plugins/content-grabber/
- https://plugins.svn.wordpress.org/content-grabber/
Notified WordPress: 2015-06-21
==========================================================
 
## Plugin description
==========================================================
A plugin to help you grab content of any post type and display it as you want.
 
## Vulnerabilities
==========================================================
Two POST parameters (obj_field_name and obj_field_id) are printed unsanitized when the 'get_terms_taxonomies' action is executed. 
 
PoC: 
 
Log...

WordPress Default Facebook Thumbnails 0.4 Cross Site Scripting

31 August 2015 - Source: http://www.mondounix.com
Title: WordPress 'Default Facebook Thumbnails' Plugin 
Version: 0.4
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-13
Download: 
- https://wordpress.org/plugins/default-facebook-thumbnail/
- https://plugins.svn.wordpress.org/default-facebook-thumbnail/
Notified WordPress: 2015-06-21
==========================================================
 
## Plugin description
==========================================================
This plugin adds an og:image tag to your head using the image entered or uploaded in the settings.
 
## XSS/CSRF Vulnerabilities
==========================================================
The request URI is echoed into the HTML page without sanitization. This can be exploited with...

WordPress Chief Editor 3.6.1 Cross Site Scripting

31 August 2015 - Source: http://www.mondounix.com
Title: WordPress 'Chief Editor' Plugin 
Version: 3.6.1
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-17
Download: 
- https://wordpress.org/plugins/chief-editor/
- https://plugins.svn.wordpress.org/chief-editor/
Notified Vendor/WordPress: 2015-06-21
==========================================================
 
## Plugin description
==========================================================
Helps wordpress multisite "chief editor" to manage all drafts, comments, authors and "ready for publication" sends across the netw
 
## Vulnerabilities
==========================================================
Some POST parameters are printed directly to the HTML without being sanitized. 
 
PoC:
Log...

WordPress 1-Click Retweet/Share/Like 5.2 Cross Site Scripting

31 August 2015 - Source: http://www.mondounix.com
Title: WordPress '1-click Retweet/Share/Like' Plugin 
Version: 5.2
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-21
Download: 
- https://wordpress.org/plugins/1-click-retweetsharelike/
- https://plugins.svn.wordpress.org/1-click-retweetsharelike/
Notified Vendor/WordPress: 2015-06-21
==========================================================
 
## Plugin description
==========================================================
Adds Facebook Like, Facebook Share, Twitter, Google +1, LinkedIn Share, Facebook Recommendations. Automatic publishing of content to 20+ Social Networ
 
## Vulnerabilities
==========================================================
The plugin is vulnerable to reflected XSS.
 
PoC:
Submit...

WordPress Author Manager 1.0 Cross Site Scripting

31 August 2015 - Source: http://www.mondounix.com
Title: WordPress 'Author Manager' Plugin 
Version: 1.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-16
Download: 
- https://wordpress.org/plugins/author-manager/
- https://plugins.svn.wordpress.org/author-manager/
Notified Vendor/WordPress: 2015-06-21
==========================================================
 
## Plugin description
==========================================================
Author Manager is a must-have for administrators of a multiple-author WordPress site. Easily view post statistics by date.
 
## Vulnerabilities
==========================================================
Some of the fields in the admin panel are vulnerable to XSS.
 
PoC:
Log in as admin and submit the...

WordPress Ads In Bottom Right 1.0 Cross Site Scripting

31 August 2015 - Source: http://www.mondounix.com
Title: WordPress 'Ads in bottom right' Plugin 
Version: 1.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-16
Download: 
- https://wordpress.org/plugins/ads-in-bottom-right/
- https://plugins.svn.wordpress.org/ads-in-bottom-right/
Notified Vendor/WordPress: 2015-06-21
==========================================================
 
## Plugin description
==========================================================
This plugin allows you to show advertising in the bottom right; you can put images, Flash or any HTML code you want.
 
## Vulnerabilities
==========================================================
The plugin settings are vulnerable to XSS attacks.
 
PoC:
Log in as admin and submit the following...

WordPress Google Plus One Button By KMS 1.5.0 CSRF / XSS

31 August 2015 - Source: http://www.mondounix.com
Title: WordPress 'Google 'Plus one' Button by kms' Plugin 
Version: 1.5.0
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-16
Download: 
- https://wordpress.org/plugins/google-plus-one-button-by-kms/
- https://plugins.svn.wordpress.org/google-plus-one-button-by-kms/
Notified WordPress: 2015-06-21
==========================================================
 
## Plugin description
==========================================================
WordPress plugin for placing the Google +1 (plus one) button. It can be displayed before or after a post, or on the left next to the posts
 
## CSRF/XSS vulnerabilities
==========================================================
The _SERVER variable 'REQUEST_URI'...

WordPress Advance Categorizer 0.3 Cross Site Scripting

31 August 2015 - Source: http://www.mondounix.com
Title: WordPress 'Advance Categorizer' Plugin 
Version: 0.3
Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej
Date: 2015-06-24
Download: 
- https://wordpress.org/plugins/advance-categorizer/
- https://plugins.svn.wordpress.org/advance-categorizer/
Notified WordPress: 2015-06-24
==========================================================
 
## Plugin description
==========================================================
Allows you to add multiple categories using comma separated text. You can also start via url "/wp-admin/post-new.php?cat=category1, category2, categor
 
## Reflected XSS vulnerabilities
==========================================================
The plugin is vulnerable to reflected XSS, which...
