Time spent: 10 hours total
- Authenticated Stored Cross-Site Scripting (XSS)

  Summary:
  - Vulnerability type: XSS
  - Tested in version: 4.2
  - Fixed in version: 4.2.3

  GIF Walkthrough:

  Steps to Reproduce: Create a page/post and, with the body editor in Text mode (not Visual mode), add the following to the body:

  ```html
  <a href="[caption code=">]</a><a title=" onmouseover=alert('test') ">link</a>
  ```

  Reference: https://klikki.fi/adv/wordpress3.html
- Authenticated Cross-Site Scripting (XSS)

  Summary:
  - Vulnerability type: XSS
  - Tested in version: 4.2
  - Fixed in version: 4.2.6

  GIF Walkthrough:

  Steps to Reproduce: Go to a post and submit a comment containing:

  ```text
  http://www.example.com/wp-admin/customize.php?theme=<svg onload=alert(1)>
  ```

  Once you post the comment, a pop-up that says “Alert(1)” will show up.

  References:
  - https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
  - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
- Plupload Same Origin Method Execution (SOME)

  Summary:
  - Vulnerability type: XSS
  - Tested in version: 4.2
  - Fixed in version: 4.2.8

  GIF Walkthrough:

  Steps to Reproduce: Go to any post and submit a comment with the following code:

  ```html
  <button onclick="fire()">Click</button>
  <script>
    function fire() { open('javascript:alert(1)'); }
  </script>
  ```

  Post the comment and click the button in the comment. A pop-up that says “Alert(1)” will show up.

  References:
  - https://wpvulndb.com/vulnerabilities/8489
  - https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
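A defender-side check for the kind of markup these three reports rely on, added here as an example and not part of the original write-up or of WordPress: it parses untrusted HTML with Python's `html.parser` and flags inline event handlers, script-bearing elements and `javascript:`-style URLs. The sample strings are the page's own payloads embedded as constructed test input; the raw shortcode payload from the first report is deliberately not flagged, because on the input the handler still sits inside an attribute value, which is why a check like this has to run on the final rendered markup rather than on the stored text.

```python
"""Flag active content in untrusted HTML such as comments or post bodies."""
import re
from html.parser import HTMLParser

ACTIVE_ELEMENTS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
# Browsers ignore ASCII whitespace/control characters inside a URL scheme,
# so "java\tscript:" still executes; strip them before comparing the scheme.
_CTRL = re.compile(r"[\x00-\x20]")


class ActiveContentFinder(HTMLParser):
    """Collects (tag, attribute, reason) tuples for anything that can run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_ELEMENTS:
            self.findings.append((tag, None, "active element"))
        for name, value in attrs:  # html.parser lowercases attribute names
            if name.startswith("on"):
                self.findings.append((tag, name, "event handler attribute"))
            elif name in URL_ATTRS and value is not None:
                scheme = _CTRL.sub("", value).lower()
                if scheme.startswith(("javascript:", "vbscript:", "data:")):
                    self.findings.append((tag, name, "dangerous URL scheme"))


def find_active_content(html):
    """Return every finding for the given markup; an empty list means none found."""
    parser = ActiveContentFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed samples taken from the payloads in this write-up.
SAMPLES = {
    # value reflected by the customize.php theme parameter (second report)
    "svg_onload": "<svg onload=alert(1)>",
    # comment body from the third report
    "button_script": "<button onclick=\"fire()\">Click</button> "
                     "<script> function fire() { open('javascript:alert(1)'); } </script>",
    # first report, as typed: nothing is an attribute name yet, so no finding
    "shortcode_raw": "<a href=\"[caption code=\">]</a>"
                     "<a title=\" onmouseover=alert('test') \">link</a>",
    "benign": '<a href="https://example.com" title="site">link</a>',
}

if __name__ == "__main__":
    for label, markup in SAMPLES.items():
        print(label, find_active_content(markup))
```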