Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25197
HistoryNov 28, 2010 - 12:00 a.m.

Vulnerabilities in Register Plus for WordPress

2010-11-2800:00:00
vulners.com
7
JSON

Hello Bugtraq!

I want to warn you about Cross-Site Scripting, Insufficient Anti-automation
and Full path disclosure vulnerabilities in plugin Register Plus for
WordPress.

Affected products:

Vulnerable are versions of plugin Register Plus 3.5.1 and previous versions.
Also for Insufficient Anti-automation are vulnerable WordPress 3.0.1 and
previous versions.

Details:

XSS (WASC-08):

POST request at page http://site/wp-login.php?action=register

"><script>alert(document.cookie)</script>
In fields: First Name, Last Name, Website, AIM, Yahoo IM, Jabber / Google
Talk, Password, Confirm Password.

</textarea><script>alert(document.cookie)</script>
In field: About Yourself.

Insufficient Anti-automation (WASC-21):

http://site/wp-login.php?action=register

In registration form there is no protection from automated requests
(captcha). There is such vulnerability also in WordPress itself.

Full path disclosure (WASC-13):

http://site/wp-content/plugins/register-plus/dash_widget.php

http://site/wp-content/plugins/register-plus/register-plus.php

Timeline:

2010.09.17 - announced at my site.
2010.09.18 - informed developer.
2010.11.24 - disclosed at my site.

Taking into account, that this plugin is no more supported by developer,
then users of the plugin need to fix these holes by themselves.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4539/&#41;.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

JSON