XSS Vulnerability in Blubrry PowerPress Podcasting plugin Version 6.0.4 #7

Open
cybersecurityworks opened this issue Sep 14, 2015 · 0 comments

Details

WordPress Product Bugs Report
Bug Name: Cross Site Scripting (XSS)
Software: Blubrry PowerPress Podcasting plugin
Version: 6.0.4
Last Updated: 27-08-2015
Homepage: https://wordpress.org/plugins/powerpress/developers/
Compatible up to: WordPress 4.3.0 (Requires: 3.6 or higher)
Severity: High
Description: Cross Site Scripting (XSS) vulnerability in WordPress plugin NextGen Gallery

Proof of concept: (POC)

Visit the following page on a site with this plugin installed: http://yourwordpresssite.com/wordpress/wp-admin/admin.php?page=powerpress/powerpressadmin_basic.php. Modify the value of the tab variable to the "></script><script>alert(document.cookie);</script> payload and send the request to the server.

The added XSS payload is then echoed back from the server without the input being validated. It also affects the wp-config.php file, $table_prefix and corrupts the database connectivity.

Note: The XSS payload was tried against the application after enabling the unfiltered HTML setting, defined in the wp-config.php file as follows:

define( 'DISALLOW_UNFILTERED_HTML', true );

Issue 1:

The POST request tab variable in the URL http://localhost/wordpress/wp-admin/admin.php?page=powerpress/powerpressadmin_basic.php is vulnerable to Cross Site Scripting (XSS).

Figure 1: Invalid HTTP script request sent to the server through the vulnerable tab variable in the URL http://yourwordpresssite.com/wordpress/wp-admin/admin.php?page=powerpress/powerpressadmin_basic.php, and it is echoed back in the HTTP response without validation.


Reproducing Steps

  1. Log in to any WordPress application (localhost or public host).
  2. Modify the value of the tab variable in Blubrry PowerPress Version 6.0.4.
  3. Fill all the variables with the "></script><script>alert(document.cookie);</script> payload and send the request to the server.
  4. The added XSS payload is echoed back from the server without the input being validated, even after the wp-config.php file has been configured with the XSS filter settings.

Timeline

2015-09-04 – Discovered in Blubrry PowerPress Podcasting plugin 6.0.4 version.
2015-09-04 – Reported to plugins@wordpress.org
2015-09-07 – Vendor Responded, "Thank you for reporting this plugin. We're looking into it right now."
2015-09-09 – Fixed in Blubrry PowerPress Podcasting plugin 6.0.5 version.


Discovered by:
Sathish from Cyber Security Works Pvt Ltd
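
The unvalidated echo of the tab value described in this report, next to a hardened form, as an added example that is not part of the original report and is not the PowerPress source. The function names, the hidden-input markup and the tab identifiers are assumptions made for illustration. DISALLOW_UNFILTERED_HTML governs filtering of HTML in posted content, not escaping of request parameters on output, so the fix has to be made where the value is written into the page.

```php
<?php
// Added illustration; NOT the plugin's code. The attribute context, the
// function names and the tab identifiers below are hypothetical.

// Vulnerable pattern: the request value is written into an attribute as-is,
// so a value starting with "> closes the attribute and the tag.
function render_tab_field_unsafe(array $request): string
{
    $tab = $request['tab'] ?? '';
    return '<input type="hidden" name="tab" value="' . $tab . '" />';
}

// Hardened pattern: accept only known tab identifiers, then escape the
// result for the HTML attribute context it is written into.
function render_tab_field_safe(array $request): string
{
    $allowed = ['basic', 'feeds', 'appearance'];   // hypothetical tab ids
    $tab = is_string($request['tab'] ?? null) ? $request['tab'] : '';
    if (!in_array($tab, $allowed, true)) {
        $tab = $allowed[0];                        // fall back to a known tab
    }
    // Escaping is kept even after the allowlist, so a later change to the
    // list cannot reintroduce the injection.
    $escaped = htmlspecialchars($tab, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="tab" value="' . $escaped . '" />';
}

// Escape-only variant for values that cannot be allowlisted (free text).
function render_field_escaped(string $name, string $value): string
{
    $n = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $v = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="' . $n . '" value="' . $v . '" />';
}

// Constructed request carrying the payload quoted in the report.
$request = ['tab' => '"></script><script>alert(document.cookie);</script>'];

echo render_tab_field_unsafe($request), PHP_EOL;              // markup is broken out of
echo render_tab_field_safe($request), PHP_EOL;                // falls back to "basic"
echo render_field_escaped('tab', $request['tab']), PHP_EOL;   // payload rendered inert
```

In WordPress code the same roles are normally filled by the core helpers sanitize_key() and esc_attr() rather than raw htmlspecialchars().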
