wp-plugin : blogroll-fun – A3-Cross-Site Scripting (XSS)

Plugin Details

Plugin Name : blogroll-fun

Affected Version : 0.8.4 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)

Identified by : Anant Shrivastava

Technical Details

Minimum Level of Access Required : Unauthenticated

PoC - (Proof of Concept) :

   http://localhost/wp-content/plugins/blogroll-fun/blogroll.php?k=<script>alert(document.cookie)</script>

Vulnerable Parameter : k

Type of XSS : Reflected

Fixed in : 0.8.5

Trac Changelog : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=833165%40blogroll-fun&old=833158%40blogroll-fun&sfp_email=&sfph_mail=
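
As an added detection example (not part of this advisory or of the plugin): because the payload of a reflected GET-based XSS travels in the URL, attempts against the `k` parameter are visible in the web server's access log. The script below parses constructed Apache combined-format log lines, keeps only requests to blogroll.php, and flags a `k` value that decodes to markup, including a double-percent-encoded variant. The log lines, IP addresses and the double-encoded variant are constructed samples, not observed traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-format lines (not real traffic); the 2nd and 4th
# carry the advisory's payload, the 4th one double-percent-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Jul/2014:10:00:01 +0000] "GET /wp-content/plugins/blogroll-fun/blogroll.php?k=wordpress HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Jul/2014:10:00:02 +0000] "GET /wp-content/plugins/blogroll-fun/blogroll.php?k=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Jul/2014:10:00:03 +0000] "GET /index.php?s=%3Cscript%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jul/2014:10:00:04 +0000] "GET /wp-content/plugins/blogroll-fun/blogroll.php?k=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 640 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VULN_PATH = "/wp-content/plugins/blogroll-fun/blogroll.php"
# An opening/closing tag start or a javascript: URL is enough to treat k as markup.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:", re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so %253C (double-encoded '<') is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_k_requests(log_text):
    """Return (ip, timestamp, decoded k) for blogroll.php hits whose k looks like markup."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_PATH:
            continue  # only the endpoint named in the advisory is of interest here
        # parse_qs percent-decodes once; decode_fully handles nested encoding.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("k", []):
            k = decode_fully(raw)
            if MARKUP_RE.search(k):
                findings.append((m.group("ip"), m.group("ts"), k))
    return findings


if __name__ == "__main__":
    for ip, ts, k in suspicious_k_requests(SAMPLE_LOG):
        print(f"{ts} {ip} reflected XSS attempt via k={k!r}")
```

Run against a real access log, the same function can drive an alert on the first hit after the plugin update, since the fixed version should no longer reflect the value unescaped.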

Disclosure Timeline

Vendor Contacted : 2014-01-04

Plugin Status : Updated on 2014-01-05

Public Disclosure : July 7, 2014

CVE Number : Not assigned yet

Plugin Description :

Blogroll Fun uses a subscription to a free service that allows it to easily determine the last update time and the last post for all of the links in your blogroll without slowing down the loading time of your blog. It allows you to choose if you want to display this information in your blogroll or not. It simply replaces the standard WordPress link widget while providing additional functionality.

Blogroll Fun can be compared to the feed reading blogroll. However, unlike feed reading blogroll, the last post information is sent to your blog and stored with your blogroll. It does not rely on your visitors to load this information, or on any JavaScript tricks.

Settings can be updated by going to manage, widgets, then edit on the links widget.

Currently, no ads are being delivered through this plugin.
