wp-plugin : athlon-manage-calameo-publications

Plugin Details
Plugin Name: wp-plugin : athlon-manage-calameo-publications
Affected Version : 1.1.0 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : anantshri
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
 http://localhost/wp-content/plugins/athlon-manage-calameo-publications/thickbox_content.php?attachment_id=id"><script>alert(document.cookie)</script>&

Vulnerable Parameter : attachment_id

Type of XSS : Reflected

Fixed in : 1.1.1

Trac Changelog : https://plugins.trac.wordpress.org/changeset/834393/athlon-manage-calameo-publications/trunk/thickbox_content.php?old=690538&old_path=athlon-manage-calameo-publications%2Ftrunk%2Fthickbox_content.php
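The following is an added illustration and not code from the plugin or from the advisory author: the vulnerable line in thickbox_content.php is not reproduced on this page, so the "before" pattern below is an assumption about how a reflected XSS of this shape (an unescaped attachment_id echoed into an HTML attribute) typically arises. The function names render_vulnerable() and render_hardened() and the sample inputs are constructed for the example. Plain-PHP calls are used so the file runs stand-alone; in a WordPress context absint() and esc_attr() are the idiomatic equivalents.

```php
<?php
// Added example, not the plugin's own code. Assumed vulnerable pattern beside a hardened form.

// ASSUMED vulnerable pattern: the raw query-string value is written straight into an
// HTML attribute. A value that begins with  "  closes the attribute and the tag, so
// whatever follows is rendered as markup (reflected XSS).
function render_vulnerable(array $get): string {
    $id = $get['attachment_id'] ?? '';
    return '<input type="hidden" id="attachment_id" value="' . $id . '">';
}

// Hardened version: validate the type first (an attachment ID is a positive integer)
// and refuse anything else, then still escape on output. Validation alone would
// suffice for an integer, but escaping every reflected value is the habit that
// survives later code changes.
function render_hardened(array $get): string {
    $id = filter_var(
        $get['attachment_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        // Reject rather than reflect: the caller should answer 400 and render nothing.
        return '';
    }
    $safe = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" id="attachment_id" value="' . $safe . '">';
}

// Constructed sample requests: one legitimate ID and one attribute-breaking value
// (kept inert, no script, for illustration).
$samples = [
    ['attachment_id' => '42'],
    ['attachment_id' => 'id"><b>injected</b>'],
];

foreach ($samples as $get) {
    echo "input:      ", $get['attachment_id'], "\n";
    echo "vulnerable: ", render_vulnerable($get), "\n";
    echo "hardened:   ", (render_hardened($get) === '' ? '(rejected)' : render_hardened($get)), "\n\n";
}
```

Run with `php example.php`: the second sample breaks out of the attribute in the vulnerable output and is rejected outright by the hardened function, which is the behaviour a fix for this parameter should have. Because the advisory lists the required access as unauthenticated, the file is reachable without a logged-in session, so input validation and output escaping are the controls that matter here; an authorisation check would not by itself remove the reflection.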


Disclosure Timeline
Vendor Contacted : 2014-01-04
Plugin Status : Updated on 2014-01-07
Public Disclosure : July 7, 2014
CVE Number :
Plugin Description :
This plugin allows managing Calameo account(s) through WordPress. It gives users the ability to upload documents to Calameo and update or delete them afterwards. Once a document is uploaded, its preview can be easily embedded into blog posts or pages using the custom "Calameo" button in the WYSIWYG text editor. The WP Calameo plugin (http://wordpress.org/extend/plugins/wp-calameo/) must be installed in order to use all features of the Athlon Manage Calameo Publication plugin. http://www.athlonproduction.com/